I made a "self-serve" model with a simple form POST and a script - I
received four input parameters and assembled a text file and passed the
parameters to the script:

 

REM set the basic configuration parameters
set OPENSSL_CONF=C:\OpenSSL\bin\OpenSSL.cnf

REM %1 is emailAddress, %2 is password, %3 is Friendly Name, %4 is PID
set PASS=%2

REM make a request for 1024-bit RSA signed by SHA1 using inputs from
REM user-specific attributes.txt - no prompting
openssl req -newkey rsa:1024 -sha1 -keyout %4-Key.pem -keyform PEM -out %4-Req.pem -outform PEM -config %1.txt -batch -verbose

REM sign the request
openssl ca -md sha1 -in %4-Req.pem -out %4-Cert.pem -key password -batch

REM make the certificate into PKCS#12 format with the full chain using
REM Priv Key and Export passwords assigned to env var $PASS or %PASS%
openssl pkcs12 -aes128 -chain -export -in %4-Cert.pem -out %1.p12 -inkey %4-Key.pem -CAfile cacert.pem -name %3 -passin env:PASS -passout env:PASS

 

Sample attributes.txt file:

[ req ]
  default_bits           = 1024
  default_keyfile        = keyfile.pem
  distinguished_name     = req_distinguished_name
  attributes             = req_attributes
  prompt                 = no
  output_password        = gue$sth1sOne!

[ req_distinguished_name ]
  C                      = US
  ST                     = CA
  L                      = Palo Alto
  O                      = Macrowidgets Inc.
  OU                     = Engineering
  CN                     = Jack Sprat
  emailAddress           = [EMAIL PROTECTED]

[ req_attributes ]
  challengePassword      = gue$sth1sOne!

 

________________________________

From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Urjit Gokhale
Sent: Wednesday, August 08, 2007 6:11 AM
To: openssl-users@openssl.org
Subject: Automated certificate creation

 

Hi,

 

While creating certificate requests using openssl, one is prompted for
some information like Country name, State, Locality name etc.

Though these parameters have defaults set, one has to hit return to move
ahead.

 

Is there a way to achieve this without being prompted for any
information (either by using default values, or making the appropriate
values in some file)?

I believe this can be done through some script, but I was just wondering
if such a script already exists.

Any hint towards achieving this will be highly appreciated.

 

thank you,

~ Urjit
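
The reply at the top of this thread feeds four form-POST values into file names, an openssl command line and a per-user config file. The following is an added example, not part of either message, of the form-handler step that validates those values and renders the config text; a `$` in a value, as in the sample password, is otherwise read by the config parser as a variable reference. The allowlist patterns, the function names, the use of the friendly name as CN, and the rsa:2048/-sha256 choice are assumptions of this example.

```python
import re

# Allowlists are this example's assumptions; tighten them to your own naming rules.
EMAIL_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._+-]{0,63}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9 .,_-]{0,63}")
PID_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,31}")
CONF_SPECIAL = re.compile(r"""([\\$#"'`])""")  # expansion, comment, quote, escape

def conf_escape(value):
    """Backslash-escape what the OpenSSL config parser would otherwise interpret."""
    if value != value.strip() or any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise ValueError("control character or edge whitespace in value")
    return CONF_SPECIAL.sub(r"\\\1", value)

def validate(email, password, friendly_name, pid):
    """Reject anything that could alter a file name, a command line or the config."""
    checks = (("emailAddress", EMAIL_RE, email),
              ("friendly name", NAME_RE, friendly_name), ("PID", PID_RE, pid))
    for label, pattern, value in checks:
        if not pattern.fullmatch(value):
            raise ValueError(f"rejected {label}: {value!r}")
    if not 8 <= len(password) <= 128:
        raise ValueError("rejected password length")
    conf_escape(password)  # raises on control characters or edge whitespace

def render_req_conf(email, password, friendly_name, pid):
    """Return the text of the per-user request config (the post's attributes.txt)."""
    validate(email, password, friendly_name, pid)
    pw = conf_escape(password)
    return "\n".join([
        "[ req ]",
        "distinguished_name = req_distinguished_name",
        "attributes = req_attributes",
        "prompt = no",
        f"output_password = {pw}",
        "[ req_distinguished_name ]",
        "C = US", "ST = CA", "L = Palo Alto",  # fixed DN parts from the post's sample
        "O = Macrowidgets Inc.", "OU = Engineering",
        f"CN = {conf_escape(friendly_name)}",  # assumption: CN is the friendly name
        f"emailAddress = {conf_escape(email)}",
        "[ req_attributes ]",
        f"challengePassword = {pw}",
    ]) + "\n"

def req_argv(email, pid):
    """argv for subprocess.run(..., shell=False); call only after validate()."""
    return ["openssl", "req", "-newkey", "rsa:2048", "-sha256",  # post used rsa:1024 -sha1
            "-keyout", f"{pid}-Key.pem", "-out", f"{pid}-Req.pem",
            "-config", f"{email}.txt", "-batch"]
```

Passing the argv list to the process API without a shell keeps `&`, `|` and `%` in any input from being parsed as command syntax, and the password still travels through the environment variable as in the original script.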
