[openssl-users] Cant seem to get prompt no to work

Robert Moskowitz rgm at htt-consult.com
Thu Aug 17 20:17:55 UTC 2017

On 08/17/2017 04:09 PM, Salz, Rich wrote:
> Use the –batch flag to avoid all prompting
I commented out the prompt line and tried again:

openssl req -config openssl-root.cnf -key private/ca.key.pem \
 >       -new -x509 -days 7300 -sha256 -batch -extensions v3_ca -out 
Enter pass phrase for private/ca.key.pem:
error, no objects specified in config file
problems making Certificate Request

Is it not liking the use of ENV for the DN objects?  It worked for 



declare -x adminemail="postmaster at htt-consult.com"
declare -x commonName="Root CA"
declare -x countryName="US"
declare -x dir="/root/ca"
declare -x localityName="Oak Park"
declare -x organizationName="HTT Consulting"
declare -x organizationalUnitName=""
declare -x stateOrProvinceName="MI"

[ req_distinguished_name ]
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName                     = $ENV::countryName
stateOrProvinceName             = $ENV::stateOrProvinceName
localityName                    = $ENV::localityName
0.organizationName              = $ENV::organizationName
organizationalUnitName          = $ENV::organizationalUnitName
commonName                      = $ENV::commonName

More information about the openssl-users mailing list