[openssl-users] scripting creating a cert
Jochen Bern
Jochen.Bern at binect.de
Fri Mar 10 11:58:24 UTC 2017
On 03/10/2017 01:10 AM, openssl-users-request at openssl.org digested:
> Thing is that this then prompts for a number of fields:
[...]
> Is there some 'simple' way to provide these answers? Like with env
> variables?
Yes, and as others have already pointed out, there's also the
possibility of command line parameters given to OpenSSL.
A publicly available set of scripts that makes heavy use of the env var
method and might serve as an example would be easyRSA (here, version 3):
> # grep EASYRSA_REQ_ openssl-1.0.cnf
> commonName_default = $ENV::EASYRSA_REQ_CN
> countryName_default = $ENV::EASYRSA_REQ_COUNTRY
> stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
> localityName_default = $ENV::EASYRSA_REQ_CITY
> 0.organizationName_default = $ENV::EASYRSA_REQ_ORG
> organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
> commonName_default = $ENV::EASYRSA_REQ_CN
> emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
> # grep EASYRSA_REQ_ easyrsa | grep -v ';;'
> [ $EASYRSA_BATCH ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA"
> [ ! $EASYRSA_BATCH ] && EASYRSA_REQ_CN="$1"
> EASYRSA_REQ_CN="$name"
> set_var EASYRSA_REQ_COUNTRY "US"
> set_var EASYRSA_REQ_PROVINCE "California"
> set_var EASYRSA_REQ_CITY "San Francisco"
> set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
> set_var EASYRSA_REQ_EMAIL me at example.net
> set_var EASYRSA_REQ_OU "My Organizational Unit"
> set_var EASYRSA_REQ_CN ChangeMe
https://github.com/OpenVPN/easy-rsa
Kind regards,
--
Jochen Bern
Systemingenieur
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4278 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170310/4fe9e4b3/attachment.bin>
More information about the openssl-users
mailing list