[openssl-users] scripting creating a cert

Robert Moskowitz rgm at htt-consult.com
Fri Mar 10 13:24:57 UTC 2017 

Very nice.  But this looks like it as part of the whole easyRSA effort, 
not something I can easily feed into the openssl command to create the 
cert.  It would take a fair bit of digging to dig out what I need for now.

Definitely something I will look into soon, as providing a simple PKI 
for a small installation has long been on my list.  But the effort name 
is limiting.  What about ECDSA and EDDSA certs?  :)

On 03/10/2017 06:58 AM, Jochen Bern wrote:
> On 03/10/2017 01:10 AM, openssl-users-request at openssl.org digested:
>> Thing is that this then prompts for a number of fields:
> [...]
>> Is there some 'simple' way to provide these answers?  Like with env
>> variables?
> Yes, and as others have already pointed out, there's also the
> possibility of command line parameters given to OpenSSL.
>
> A publicly available set of scripts that makes heavy use of the env var
> method and might serve as an example would be easyRSA (here, version 3):
>
>> # grep EASYRSA_REQ_ openssl-1.0.cnf
>> commonName_default      = $ENV::EASYRSA_REQ_CN
>> countryName_default             = $ENV::EASYRSA_REQ_COUNTRY
>> stateOrProvinceName_default     = $ENV::EASYRSA_REQ_PROVINCE
>> localityName_default            = $ENV::EASYRSA_REQ_CITY
>> 0.organizationName_default      = $ENV::EASYRSA_REQ_ORG
>> organizationalUnitName_default  = $ENV::EASYRSA_REQ_OU
>> commonName_default              = $ENV::EASYRSA_REQ_CN
>> emailAddress_default            = $ENV::EASYRSA_REQ_EMAIL
>> # grep EASYRSA_REQ_ easyrsa | grep -v ';;'
>>          [ $EASYRSA_BATCH ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA"
>>          [ ! $EASYRSA_BATCH ] && EASYRSA_REQ_CN="$1"
>>          EASYRSA_REQ_CN="$name"
>>          set_var EASYRSA_REQ_COUNTRY     "US"
>>          set_var EASYRSA_REQ_PROVINCE    "California"
>>          set_var EASYRSA_REQ_CITY        "San Francisco"
>>          set_var EASYRSA_REQ_ORG         "Copyleft Certificate Co"
>>          set_var EASYRSA_REQ_EMAIL       me at example.net
>>          set_var EASYRSA_REQ_OU          "My Organizational Unit"
>>          set_var EASYRSA_REQ_CN          ChangeMe
> https://github.com/OpenVPN/easy-rsa
>
> Kind regards,
>
>

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20170310/df1bde47/attachment-0001.html>

More information about the openssl-users mailing list