Greg,
Thanks for the pointers.
Passphrase problem 1:
I tried out the examples. I am facing a strange problem with the openssl
genrsa command when I do -passout pass:badpass or -passout
file:badpass.file, it doesnt accept it. It gives out the usage instructions.
Same command with the -passout removed turns out fine. I am using
openssl_0.9.4. My openssl.cnf is default installed by openssl as in the
Apache_ModSSL install.
Passphrase problem 2 and Distinguished Name problem 1:
Also, I couldnt figure out how to turn off passphrases completely.
I did try the following in rca.cnf (from the example) that I fed to openssl
req as -config rca.cnf :
./openssl req -new -x509 -days 365 -key rca.key -out rca2.crt -passin
pass:aaaa -config rca.cnf
Where, rca.cnf =
RANDFILE = $ENV::HOME/.rnd
[ req ]
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
[ req_distinguished_name ]
C = US
ST = aaa
L = bbb
O = ccc
OU = ddd
CN = eee
emailAddress = [EMAIL PROTECTED]
[ req_attributes ]
challengePassword_min = 0
challengePassword_max = 0
challengePassword = A challenge password
a. It did not accept -passin argument. It printed out the usage
instructions.
b. It still prompted for the distinguished name, albeit with above settings
as default. So I only had to press ENTER. It still was interactive though.
c. Finally, openssl failed saying - error, no objects specified in config
file. problems making Certificate Request
Can you help ?
Regards,
Sandipan
----- Original Message -----
From: "Greg Stark" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Wednesday, February 14, 2001 2:13 AM
Subject: Re: Un-Interactive OpenSSL
> Q1. Check out the documentation of the -config option and maybe
> the -reqexts option of http://www.openssl.org/docs/apps/req.html# and
check
> out the examples at the bottom, as well as the openssl.cnf file that comes
> with the distribution
>
> Q2. Check out the Pass Phrase Argument section of
> http://www.openssl.org/docs/apps/openssl.html#. If your password is
badpass,
> then you can use openssl genrsa -des3 -out rca.key -passout pass:badpass
>
> _____________________________________
> Greg Stark
> Ethentica, Inc.
> [EMAIL PROTECTED]
> _____________________________________
>
>
>
> ----- Original Message -----
> From: Sandipan Gangopadhyay
> To: [EMAIL PROTECTED]
> Sent: Tuesday, February 13, 2001 2:45 PM
> Subject: Un-Interactive OpenSSL
>
>
> Q1. How do I have openssl pick up the Country, Area, etc. details from a
> text file rather than from the console ? Eg, in the following:
> ./openssl req -new -x509 -days 365 -key rca.key -out rca.crt
>
> Q2. How do I have openssl not request a passphrase while generating a key
> pair as in:
> ./openssl genrsa -des3 -out rca.key
>
> Regards,
>
> Sandipan
>
>
>
> ______________________________________________________________________
> OpenSSL Project http://www.openssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
