Yes there are easier ways to do this. Set up a conf file and use it (via the -conf flag). You can use env vars, set default values, and so on. Look at the config manpages, https://www.openssl.org/docs/manmaster/man5/ For a fuller example, see https://www.openssl.org/~rsalz/pki.tgz PS -- find me in Chicago and I can answer questions, Robert :)