Hi,

How do I automate the signing of a server certificate by a CA,
without the following prompts:

(1) "Enter PEM pass phrase:"
(2) "Sign the certificate?"
(3) "commit?"

Thanks.
Hon Luen


F:\openssl_test>openssl ca -policy policy_anything -out test_cert.pem -config test.conf -infiles test_new.pem
Using configuration from test.conf
Loading 'screen' into random state - done
Enter PEM pass phrase: ********
Check that the request matches the signature
Signature ok
The Subjects Distinguished Name is as follows
countryName           :PRINTABLE:'AU'
stateOrProvinceName   :PRINTABLE:'AU'
localityName          :PRINTABLE:'AU'
organizationName      :PRINTABLE:'TEST'
organizationalUnitName:PRINTABLE:'TEST'
commonName            :PRINTABLE:'192.168.168.222'
Certificate is to be certified until Jun  5 08:25:47 2004 GMT (365 days)
Sign the certificate? [y/n]:y


1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated




----- Original Message ----- 
From: "Michael Czapski" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Wednesday, June 04, 2003 4:53 AM
Subject: RE: Automating Openssl commands


> You could try something like:
>
> echo [ req ] > abc\abc_csr.conf
> echo distinguished_name=req_distinguished_name >> abc\abc_csr.conf
> echo req_extensions = v3_req  >> abc\abc_csr.conf
> echo prompt=no >> abc\abc_csr.conf
> echo [ req_distinguished_name ] >> abc\abc_csr.conf
> echo C=AU >> abc\abc_csr.conf
> echo ST=New South Wales >> abc\abc_csr.conf
> echo L=Sydney >> abc\abc_csr.conf
> echo O=Doddgy Brothers Very Limited  >> abc\abc_csr.conf
> echo OU=Security Division >> abc\abc_csr.conf
> echo [EMAIL PROTECTED] >> abc\abc_csr.conf
> echo [EMAIL PROTECTED] >> abc\abc_csr.conf
> echo [ v3_req ] >> abc\abc_csr.conf
> echo basicConstraints = critical,CA:FALSE >> abc\abc_csr.conf
> echo keyUsage = nonRepudiation, digitalSignature, keyEncipherment, dataEncipherment, keyAgreement >> abc\abc_csr.conf
> echo extendedKeyUsage=emailProtection,clientAuth >> abc\abc_csr.conf
>
> .\bin\openssl req -outform PEM -out abc\abc.pem.csr -key abc\abc.pem.private.key -keyform PEM -sha1 -days 700 -new -config abc\abc_csr.conf -passin pass:somepassphrase
>
> Cheers
>
>
>  -----Original Message-----
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]  On Behalf Of Kwan Hon Luen
> Sent: Tuesday, June 03, 2003 5:31 PM
> To: [EMAIL PROTECTED]
> Cc: [EMAIL PROTECTED]
> Subject: Re: Automating Openssl commands
>
> Hi ,
>
> Thanks.
>
> How do I automate the creation of a certificate as well by supplying the
> following attributes?
>
> countryName
> stateOrProvinceName
> localityName
> organizationName
> organizationalUnitName
> commonName
>
> Thanks.
>
> Hon Luen
>
>
>
> ----- Original Message -----
> From: "Marcus Carey" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Tuesday, June 03, 2003 3:23 PM
> Subject: Re: Automating Openssl commands
>
>
> > Under the request section in the openssl.cnf file add the password
> > parameters.
> >
> > [req]
> > input_password =
> > output_password =
> >
> > Marcus
> >
> > ----- Original Message -----
> > From: "Kwan Hon Luen" <[EMAIL PROTECTED]>
> > To: <[EMAIL PROTECTED]>
> > Sent: Monday, June 02, 2003 7:07 PM
> > Subject: Automating Openssl commands
> >
> >
> > > Hi ,
> > >
> > > I am currently using OpenSSL to generate CA and server/client key certs.
> > >
> > > Right now, OpenSSL prompts me for a password when generating the CA key/cert:
> > >
> > > openssl req -new -x509 -days 3650 -keyout cakey.pem -out trusted_ca_cert.pem -config openssl.cnf
> > >
> > > (1) Is there a way to use the password as a parameter so that I can create
> > > the CA key/cert with just one command, without any password prompting?
> > >
> > > The command below is for generating the client/server key/cert. It prompts me
> > > for the password, the CN, etc.
> > >
> > > openssl req -new -keyout test_key.pem -out test_request.pem -config openssl.cnf
> > >
> > > (2) Is there a way to use the password, CN, etc. as parameters so that I can
> > > create the CA key/cert with just one command, without any password, CN, etc.
> > > prompting?
> > >
> > > The command below is for certifying the client/server cert using the CA. It
> > > prompts me to approve the certifying.
> > >
> > > openssl ca -policy policy_anything -out test_cert.pem -config openssl.cnf -infiles test_new.pem
> > >
> > > (3) Is there a way to use a parameter such that the command will not prompt me
> > > to confirm certifying the certificate?
> > >
> > > Thanks.
> > >
> > > Hon Luen
> > >
> > > ______________________________________________________________________
> > > OpenSSL Project                                 http://www.openssl.org
> > > User Support Mailing List                    [EMAIL PROTECTED]
> > > Automated List Manager                           [EMAIL PROTECTED]
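
The unattended run asked about at the top of this message, as an added example that is not from the thread or the OpenSSL project: `openssl ca` accepts `-batch`, which suppresses the "Sign the certificate?" and "commit?" questions, and `-passin`, which supplies the CA key pass phrase. File names follow the thread; the config contents, subject values and passphrase are constructed, and the passphrase is read with `file:` rather than `pass:` so it stays out of the process list and shell history.

```shell
# Added example: config contents, subjects and passphrase are constructed.
write_conf() {   # $1 = working directory; writes $1/test.conf and CA state
  d=$1; mkdir -p "$d/newcerts" && : > "$d/index.txt" && echo 01 > "$d/serial"
  cat > "$d/test.conf" <<EOF
[ ca ]
default_ca = CA_default
[ CA_default ]
database = $d/index.txt
serial = $d/serial
new_certs_dir = $d/newcerts
certificate = $d/cacert.pem
private_key = $d/cakey.pem
default_md = sha256
default_days = 365
[ policy_anything ]
countryName = optional
organizationName = optional
commonName = supplied
[ req ]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[ dn ]
C = AU
O = TEST
CN = 192.168.168.222
[ v3_ca ]
basicConstraints = critical,CA:TRUE
EOF
}

sign_unattended() {   # $1 = working directory; returns 0 if the cert verifies
  d=$1; write_conf "$d" || return 1
  # Passphrase lives in an owner-only file instead of on the command line.
  ( umask 077; printf '%s\n' 'constructed-demo-passphrase' > "$d/pass" )
  openssl req -new -x509 -days 3650 -newkey rsa:2048 -config "$d/test.conf" \
    -subj "/C=AU/O=TEST/CN=Test CA" -passout "file:$d/pass" \
    -keyout "$d/cakey.pem" -out "$d/cacert.pem" 2>/dev/null || return 1
  openssl req -new -newkey rsa:2048 -config "$d/test.conf" \
    -passout "file:$d/pass" -keyout "$d/test_key.pem" \
    -out "$d/test_new.pem" 2>/dev/null || return 1
  # -passin answers "Enter PEM pass phrase:"; -batch answers both y/n prompts.
  openssl ca -batch -passin "file:$d/pass" -policy policy_anything \
    -config "$d/test.conf" -out "$d/test_cert.pem" \
    -infiles "$d/test_new.pem" 2>/dev/null || return 1
  openssl verify -CAfile "$d/cacert.pem" "$d/test_cert.pem" >/dev/null
}
```

Because `-batch` removes the human approval step, anything that can drop a request into the input path gets it signed, so restrict who can write there and keep the policy section as strict as the deployment allows.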