Thank You, I am still not sure what you mean though, what command do I have to issue inside the loop? When I am done I only want 1 certificate. I am not looking to generate a seperate one for each server.
--- "Marco \"Kiko\" Carnut" <[EMAIL PROTECTED]> wrote: > Hi Zachary, > > > I am using openssl 0.96 on redhat 7.1. > > > > I am trying to write a script to generate CERTs > for > > me, since I have hundreds of servers to generate > certs > > for. Because of this I want to use the prompt=no > > option for the openssl config file. However I > have > > multiple CN entries in my config file and I am not > > sure how this translates to the "Prompt=no" format > of > > the config file, since the "prompt=no" takes a > > different config file format. > > You will have to generate a new temporary config > file > from a "master" config file each time you generate > your > new cert or CSR. You'd have something like: > > > [ req ] > default_bits = 1024 > distinguished_name = req_distinguished_name > prompt = no > [ req_distinguished_name ] > C = US > ST = Los Angeles > L = California > O = ZakDen > OU = IT Department > CN = %CURRENTCN% > emailAddress = > [EMAIL PROTECTED] > > Say this is "master.cnf". Then in the inner loop of > your > mass-generation script, you'd read "master.cnf", > replace > all occurrences of "%CURRENTCN%" with the name of > the > server and save it to, say, temp.cnf; then, use this > config > file to do the actual generation. > > -K. > ______________________________________________________________________ > OpenSSL Project > http://www.openssl.org > User Support Mailing List > [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] __________________________________________________ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
