[openssl-users] Cant seem to get prompt no to work
Robert Moskowitz
rgm at htt-consult.com
Thu Aug 17 21:17:19 UTC 2017
On 08/17/2017 04:17 PM, Robert Moskowitz wrote:
>
>
> On 08/17/2017 04:09 PM, Salz, Rich wrote:
>> Use the –batch flag to avoid all prompting
>>
> I commented out the prompt line and tried again:
>
> openssl req -config openssl-root.cnf -key private/ca.key.pem \
> > -new -x509 -days 7300 -sha256 -batch -extensions v3_ca -out
> certs/ca.cert.pem
> Enter pass phrase for private/ca.key.pem:
> error, no objects specified in config file
> problems making Certificate Request
>
> Is it not liking the use of ENV for the DN objects? It worked for
> $ENV::dir...
>
> export
>
> ...
>
> declare -x adminemail="postmaster at htt-consult.com"
> declare -x commonName="Root CA"
> declare -x countryName="US"
> declare -x dir="/root/ca"
> declare -x localityName="Oak Park"
> declare -x organizationName="HTT Consulting"
> declare -x organizationalUnitName=""
> declare -x stateOrProvinceName="MI"
>
>
> [ req_distinguished_name ]
> # See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
> countryName = $ENV::countryName
> stateOrProvinceName = $ENV::stateOrProvinceName
> localityName = $ENV::localityName
> 0.organizationName = $ENV::organizationName
> organizationalUnitName = $ENV::organizationalUnitName
> commonName = $ENV::commonName
>
>
When I put the prompt = no in the beginning of the [req] section ( saw
that on one site), I get:
problems making Certificate Request
140134179792760:error:0D07A098:asn1 encoding
routines:ASN1_mbstring_ncopy:string too short:a_mbstr.c:151:minsize=1
Is ENV not working in [req_distinguished_name]?
More information about the openssl-users
mailing list