[openssl-users] Cant seem to get prompt no to work
Robert Moskowitz
rgm at htt-consult.com
Thu Aug 17 23:54:09 UTC 2017
On 08/17/2017 07:01 PM, Jakob Bohm wrote:
> On 18/08/2017 00:09, Robert Moskowitz wrote:
>>
>>
>> On 08/17/2017 05:38 PM, Salz, Rich wrote:
>>>> declare -x organizationalUnitName=""
>>>> routines:ASN1_mbstring_ncopy:string too short:a_mbstr.c:151:minsize=1
>>> You are setting an empty OU. You should not set it and see if
>>> that works
>>>
>> organizationalUnitName = "." puts a . in it. So I have to figure
>> out a way to drop that line from the config.
>>
>> like if a field is not needed:
>>
>> sed -i -e "s/^organizationalUnitName/#organizationalUnitName/w
>> /dev/stdout" openssl-root.cnf
>>
>>
>> But this is not quite right. I have to find the one that has ENV in
>> it. I DO have an example of one such to use...
>>
>>
> Given all these problems with the Distinguished Name prompting
> mechanism, just add the -subject option to the req command line
> (using appropriate environment variables in the shell script).
Always an option, Jakob. I have done this in the past for my
self-signed certs. I am trying the config approach now. But I may step
back...
I AM making my CA certs. With a SAN caviat in the root cert.
Slow progress.
Bob
More information about the openssl-users
mailing list