<html>
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
</head>
<body bgcolor="#FFFFFF" text="#000000">
Very nice. But this looks like it as part of the whole easyRSA
effort, not something I can easily feed into the openssl command to
create the cert. It would take a fair bit of digging to dig out
what I need for now.<br>
<br>
Definitely something I will look into soon, as providing a simple
PKI for a small installation has long been on my list. But the
effort name is limiting. What about ECDSA and EDDSA certs? :)<br>
<br>
<div class="moz-cite-prefix">On 03/10/2017 06:58 AM, Jochen Bern
wrote:<br>
</div>
<blockquote
cite="mid:54ed6a10-5815-b26e-00b9-2fb1d0ecb457@binect.de"
type="cite">
<pre wrap="">On 03/10/2017 01:10 AM, <a class="moz-txt-link-abbreviated" href="mailto:openssl-users-request@openssl.org">openssl-users-request@openssl.org</a> digested:
</pre>
<blockquote type="cite">
<pre wrap="">Thing is that this then prompts for a number of fields:
</pre>
</blockquote>
<pre wrap="">[...]
</pre>
<blockquote type="cite">
<pre wrap="">Is there some 'simple' way to provide these answers? Like with env
variables?
</pre>
</blockquote>
<pre wrap="">
Yes, and as others have already pointed out, there's also the
possibility of command line parameters given to OpenSSL.
A publicly available set of scripts that makes heavy use of the env var
method and might serve as an example would be easyRSA (here, version 3):
</pre>
<blockquote type="cite">
<pre wrap=""># grep EASYRSA_REQ_ openssl-1.0.cnf
commonName_default = $ENV::EASYRSA_REQ_CN
countryName_default = $ENV::EASYRSA_REQ_COUNTRY
stateOrProvinceName_default = $ENV::EASYRSA_REQ_PROVINCE
localityName_default = $ENV::EASYRSA_REQ_CITY
0.organizationName_default = $ENV::EASYRSA_REQ_ORG
organizationalUnitName_default = $ENV::EASYRSA_REQ_OU
commonName_default = $ENV::EASYRSA_REQ_CN
emailAddress_default = $ENV::EASYRSA_REQ_EMAIL
</pre>
</blockquote>
<pre wrap="">
</pre>
<blockquote type="cite">
<pre wrap=""># grep EASYRSA_REQ_ easyrsa | grep -v ';;'
[ $EASYRSA_BATCH ] && opts="$opts -batch" || export EASYRSA_REQ_CN="Easy-RSA CA"
[ ! $EASYRSA_BATCH ] && EASYRSA_REQ_CN="$1"
EASYRSA_REQ_CN="$name"
set_var EASYRSA_REQ_COUNTRY "US"
set_var EASYRSA_REQ_PROVINCE "California"
set_var EASYRSA_REQ_CITY "San Francisco"
set_var EASYRSA_REQ_ORG "Copyleft Certificate Co"
set_var EASYRSA_REQ_EMAIL <a class="moz-txt-link-abbreviated" href="mailto:me@example.net">me@example.net</a>
set_var EASYRSA_REQ_OU "My Organizational Unit"
set_var EASYRSA_REQ_CN ChangeMe
</pre>
</blockquote>
<pre wrap="">
<a class="moz-txt-link-freetext" href="https://github.com/OpenVPN/easy-rsa">https://github.com/OpenVPN/easy-rsa</a>
Kind regards,
</pre>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
</blockquote>
<br>
</body>
</html>