[openssl-users] Cant seem to get prompt no to work

Robert Moskowitz rgm at htt-consult.com
Thu Aug 17 23:54:09 UTC 2017



On 08/17/2017 07:01 PM, Jakob Bohm wrote:
> On 18/08/2017 00:09, Robert Moskowitz wrote:
>>
>>
>> On 08/17/2017 05:38 PM, Salz, Rich wrote:
>>>> declare -x organizationalUnitName=""
>>>> routines:ASN1_mbstring_ncopy:string too short:a_mbstr.c:151:minsize=1
>>>     You are setting an empty OU.  You should not set it and see if 
>>> that works
>>>
>> organizationalUnitName = "."  puts a . in it.  So I have to figure 
>> out a way to drop that line from the config.
>>
>> like if a field is not needed:
>>
>> sed -i -e "s/^organizationalUnitName/#organizationalUnitName/w 
>> /dev/stdout" openssl-root.cnf
>>
>>
>> But this is not quite right.  I have to find the one that has ENV in 
>> it.  I DO have an example of one such to use...
>>
>>
> Given all these problems with the Distinguished Name prompting
> mechanism, just add the -subject option to the req command line
> (using appropriate environment variables in the shell script).

Always an option, Jakob.  I have done this in the past for my 
self-signed certs.  I am trying the config approach now.  But I may step 
back...

I AM making my CA certs.  With a SAN caviat in the root cert.

Slow progress.

Bob



More information about the openssl-users mailing list