On Jan 4, 2008 7:19 AM, Tran Son wrote:
> Hi all.
> Whenever I create certificates using openssl I have to type my pass phrase
> and something else. Now how can I create a certificate just using single
> commands with the pass phrase, country... in the parameter list so I don't
> have to type them separately.
> I tried some commands such as -passin or set the input_password parameter in
> the configuration file but it still required me to type the PEM pass phrase.
> Thanks

I used environment variables to set the openssl variables in the openssl.cnf file before calling the openssl utility. Below is an openssl.cnf example. You'll need the other sections like [ ca ] and the sections for the matching policies, but those are normal.

[ req ]
default_bits = $ENV::KEY_SIZE
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
attributes = req_attributes
prompt = no
output_password = $ENV::KEY_PASS
x509_extensions = v3_ca # The extensions to add to the self signed cert

[ req_distinguished_name ]
C = USA
ST = PENNSYLVANIA
L = HARRISBURG
O = CHOPSTIX INC
OU = IT
CN = $ENV::KEY_COMMON
emailAddress = [EMAIL PROTECTED]

The important parts for promptless operation are:

prompt = no
output_password = $ENV::KEY_PASS

In a Python script I export the following variables:

KEY_CONFIG = "/blah/openssl.cnf"
KEY_DIR = "/blah/keys/"
KEY_SIZE = "1024"
KEY_COUNTRY = "USA"
KEY_PROVINCE = "PENNSYLVANIA"
KEY_CITY = "HARRISBURG"
KEY_ORG = "CHOPSTIX INC"
KEY_EMAIL = "[EMAIL PROTECTED]"
KEY_UNIT = ""
KEY_COMMON = ""
KEY_PASS = ""

To create a certificate signing request:

openssl req -days 3650 -new -keyout blah.key -out blah.csr -config openssl.cnf

To create a certificate:

openssl ca -days 3650 -out blah.crt -in blah.csr -config openssl.cnf -batch

Hope that helps.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                           [EMAIL PROTECTED]
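
The promptless request described in the reply above, as an added shell example that is not part of the original message. It also checks that the key really is stored encrypted under the passphrase taken from the environment. The function names, file names and the subject values C and O are assumptions; the config on disk holds only the $ENV:: reference, never the passphrase itself.

```shell
#!/bin/sh
# Added example, not from the original post. make_csr, check_csr, the file
# names and the subject values (C, O) are assumptions made for illustration.

# make_csr OUTDIR: write req.cnf, an encrypted host.key and host.csr to OUTDIR
# without prompting. Reads KEY_SIZE, KEY_COMMON and KEY_PASS from the environment.
make_csr() {
    outdir=$1
    # openssl aborts config loading when a $ENV:: variable is unset, so check
    # first and name the missing one.
    for v in KEY_SIZE KEY_COMMON KEY_PASS; do
        eval "val=\${$v:-}"
        [ -n "$val" ] || { echo "make_csr: $v is not set" >&2; return 2; }
    done
    export KEY_SIZE KEY_COMMON KEY_PASS
    (
        umask 077   # config and key readable by the owner only
        # Quoted heredoc: openssl, not the shell, expands $ENV::NAME.
        cat > "$outdir/req.cnf" <<'EOF'
[ req ]
default_bits       = $ENV::KEY_SIZE
distinguished_name = req_distinguished_name
prompt             = no
output_password    = $ENV::KEY_PASS

[ req_distinguished_name ]
C  = US
O  = Example Org
CN = $ENV::KEY_COMMON
EOF
        # stdin is /dev/null so a DN prompt cannot block waiting for input.
        openssl req -new -config "$outdir/req.cnf" \
            -keyout "$outdir/host.key" -out "$outdir/host.csr" </dev/null
    ) || return 1
}

# check_csr OUTDIR: succeed only if the key is stored encrypted, decrypts with
# KEY_PASS, and the CSR subject carries KEY_COMMON.
check_csr() {
    outdir=$1
    grep -q 'ENCRYPTED' "$outdir/host.key" || return 1
    openssl pkey -in "$outdir/host.key" -passin env:KEY_PASS -noout || return 1
    openssl req -in "$outdir/host.csr" -noout -subject | grep -qF "$KEY_COMMON"
}

# Usage: KEY_SIZE=2048 KEY_COMMON=host.example.test KEY_PASS=... make_csr ./out
```

Passing the passphrase through the environment, as the reply does, keeps it out of the command line, where a -passout pass:... argument would be visible in the process list.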