[openssl-users] Cant seem to get prompt no to work

Robert Moskowitz rgm at htt-consult.com
Thu Aug 17 19:23:42 UTC 2017

In the [ ca ] section I have:

prompt   = no

If I leave the = out I get an error, so I am assuming I got the format 
of this right.

Then I have

[ req ]
distinguished_name  = req_distinguished_name

[ req_distinguished_name ]
countryName                     = $ENV::countryName
stateOrProvinceName             = $ENV::stateOrProvinceName

In a terminal window I run:

export countryName=US
export stateOrProvinceName=MI


openssl req -config openssl-root.cnf -key private/ca.key.pem \
       -new -x509 -days 7300 -sha256 -extensions v3_ca -out 

And I am still getting prompted for the DN fields:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
US []:

What did I miss?



More information about the openssl-users mailing list