Thank you everyone for your replies.
I will try them out and will get back to you again in case I have any more
questions.
Thanks a lot.

~ Urjit

----- Original Message ----- 
From: "Smith, Ryan-P56787" <[EMAIL PROTECTED]>
To: <openssl-users@openssl.org>
Sent: Wednesday, August 08, 2007 11:37 PM
Subject: RE: Automated certificate creation


Here is an OpenSSL command that I have had success with in the
past.

openssl req -new -out certreq.pem \
  -subj '/C=US/ST=Arizona/L=City/O=Organization/CN=My Common Name' \
  -passout pass:password

Of course, this certificate request needs to be signed by the CA to
become a valid certificate:

openssl ca -batch -keyfile cakey.pem -cert cacert.pem -key password \
  -out cert.pem -infiles certreq.pem

Note: The use of the -key option may not be a good idea, as it bares the
Root Key password in cleartext.  Similarly, the use of the -passout
option in the first command bares the new private key password
(corresponding to the new certificate).  While this is not as big of
a deal as revealing the Root Key password, it is still a risk.  However,
this method allows one to create a certificate without input on the
command line.  If either of these options is left out, OpenSSL will
prompt you to type in the password.

Also, any options that are not explicitly set via command line options
(key length and algorithm, message digest, etc...) will be obtained from
the config file.  You can also go the other way with this and put all of
the settings in the configuration file (passwords, subj, etc...).

Hope this helps.

Ryan G Smith


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
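
The note above about -key and -passout, as an added example that is not part of the original thread: the same request-and-sign flow with pass phrases read through OpenSSL's file: pass-phrase source and the -passin option, so they do not appear in the argument list. The throwaway CA, demo.cnf, the directory layout and the ca.pass/key.pass file names are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the thread): same two-step flow, but pass phrases are
# read via the file: source instead of pass:/-key, so they stay out of argv.
# The throwaway CA, file names and demo.cnf are constructed for this demo.
issue_cert() (
    set -e
    umask 077                          # keys and pass-phrase files: owner-only
    mkdir -p "$1/newcerts"; cd "$1"
    : > index.txt; echo 01 > serial    # minimal state "openssl ca" requires
    openssl rand -hex 16 > ca.pass     # constructed secrets; normally these
    openssl rand -hex 16 > key.pass    # would come from a secret store
    cat > demo.cnf <<'EOF'
[ req ]
distinguished_name = dn
[ dn ]
commonName = Common Name
[ ca ]
default_ca = demo_ca
[ demo_ca ]
database = index.txt
serial = serial
new_certs_dir = newcerts
default_md = sha256
default_days = 30
policy = pol
[ pol ]
countryName = optional
stateOrProvinceName = optional
localityName = optional
organizationName = optional
commonName = supplied
EOF
    # Throwaway CA standing in for cakey.pem / cacert.pem from the thread.
    openssl req -new -x509 -config demo.cnf -subj '/CN=Demo CA' -days 30 \
        -keyout cakey.pem -out cacert.pem -passout file:ca.pass
    # Request: the new key is encrypted under key.pass, with no prompt.
    openssl req -new -config demo.cnf -keyout key.pem -out certreq.pem \
        -subj '/C=US/ST=Arizona/L=City/O=Organization/CN=My Common Name' \
        -passout file:key.pass
    # Signing: -passin file: replaces "-key password".
    openssl ca -batch -config demo.cnf -keyfile cakey.pem -cert cacert.pem \
        -passin file:ca.pass -out cert.pem -infiles certreq.pem
)
[ $# -eq 0 ] || issue_cert "$1"        # usage: sh issue.sh /path/to/workdir
```

The file: source uses the first line of the named file as the pass phrase, so access to the secret is governed by the file's permissions instead of by who can list running processes.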

