I use the following set of commands to create self-signed certificates for AOL IM. Check out the openssl.conf file, especially the prompt option (which disables prompting and just uses values from the conf file). It has all kinds of stuff like default name, organization, location, etc. You could generate this as part of your script then use openssl -config <YOURFILE>. Note that CA is just a wrapper around openssl commands, so call them directly. You can specify nearly everything that's prompted from the command line. Also, as the interview questions never change, you could just put the input in a file one entry per line and use < to redirect it into the openssl command.
/usr/share/ssl/misc/CA -newreq
/usr/share/ssl/misc/CA -signreq
openssl pkcs12 -export -in newcert.pem -inkey newreq.pem -certfile demoCA/cacert.pem -name "AIMCertificate" -out mycert.p12
Anyone familiar enough with CA to propose how to script this process? I'd like to either provide all the required input on the command line or use redirection to input it. It doesn't appear that CA takes input from the command line, nor have I found a way to get redirection to work, as it prompts for your certificate store password (which it's not reading from redirected standard in).
I'd like to write a script to knock out certificates quickly. Any pointers on working around this security?
// Yes, I know I'm circumventing some levels of security here.
In case you want the necessary first set of commands to create a new CA:
/usr/share/ssl/misc/CA -newca
openssl x509 -in demoCA/cacert.pem -days 1024 -out cacert.pem -signkey demoCA/private/cakey.pem
cp cacert.pem demoCA/cacert.pem
See http://www.openssl.org/docs/apps/req.html# for additional info.
Joseph
--
TriLUG mailing list : http://www.trilug.org/mailman/listinfo/trilug
TriLUG Organizational FAQ : http://trilug.org/faq/
TriLUG Member Services FAQ : http://members.trilug.org/services_faq/
TriLUG PGP Keyring : http://trilug.org/~chrish/trilug.asc
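The approach suggested in the reply above (a config file with prompt = no, and calling openssl directly instead of the CA wrapper), written out as an added example that is not part of the original thread. The subject values, file names, the write_conf/issue_cert helper names and the use of a passphrase file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: scripted CA + client certificate with no interactive prompts.
# Subject values, file names and the pass-file layout are constructed placeholders.

# Write a request config; "prompt = no" makes req take the DN from the file.
write_conf() {   # $1 = output file, $2 = common name
    cat > "$1" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
[ dn ]
O  = Example Org
CN = $2
[ ca_ext ]
basicConstraints = critical, CA:TRUE
keyUsage         = critical, keyCertSign, cRLSign
EOF
}

# Build everything in directory $1. $2 is the absolute path of a file holding
# the passphrase, so it stays out of argv and the process list.
issue_cert() {
    dir=$1 pass=$2
    ( umask 077; cd "$dir" || exit 1
      write_conf ca.conf "Example Test CA"
      write_conf user.conf "aim-user"
      # Self-signed CA certificate; the CA key is encrypted with the passphrase.
      openssl req -x509 -new -newkey rsa:2048 -days 1024 -config ca.conf \
          -extensions ca_ext -keyout cakey.pem -out cacert.pem \
          -passout "file:$pass" &&
      # Key and signing request for the user certificate.
      openssl req -new -newkey rsa:2048 -nodes -config user.conf \
          -keyout newkey.pem -out newreq.pem &&
      # Sign the request with the CA key.
      openssl x509 -req -in newreq.pem -CA cacert.pem -CAkey cakey.pem \
          -CAcreateserial -days 365 -passin "file:$pass" \
          -out newcert.pem &&
      # Bundle into PKCS#12, as in the pkcs12 command from the thread.
      openssl pkcs12 -export -in newcert.pem -inkey newkey.pem \
          -certfile cacert.pem -name "AIMCertificate" \
          -passout "file:$pass" -out mycert.p12 &&
      # The .p12 now holds the protected key; drop the unencrypted copy.
      rm -f newkey.pem )
}
```

Call it as issue_cert /path/to/workdir /path/to/passfile, with the passphrase file readable only by the account running the script.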
