[openssl-users] Cant seem to get prompt no to work
Robert Moskowitz
rgm at htt-consult.com
Fri Aug 18 17:30:06 UTC 2017
On 08/18/2017 01:16 PM, Dr. Stephen Henson wrote:
> On Thu, Aug 17, 2017, Robert Moskowitz wrote:
>
>> In the [ ca ] section I have:
>>
>> prompt = no
>>
>> If I leave the = out I get an error, so I am assuming I got the
>> format of this right.
>>
>> Then I have
>>
>> [ req ]
>> distinguished_name = req_distinguished_name
>>
>> [ req_distinguished_name ]
>> countryName = $ENV::countryName
>> stateOrProvinceName = $ENV::stateOrProvinceName
>>
>> In a terminal window I run:
>>
>> export countryName=US
>> export stateOrProvinceName=MI
>>
>> then
>>
>> openssl req -config openssl-root.cnf -key private/ca.key.pem \
>> -new -x509 -days 7300 -sha256 -extensions v3_ca -out
>> certs/ca.cert.pem
>>
>>
>> And I am still getting prompted for the DN fields:
>>
>> You are about to be asked to enter information that will be incorporated
>> into your certificate request.
>> What you are about to enter is what is called a Distinguished Name or a DN.
>> There are quite a few fields but you can leave some blank
>> For some fields there will be a default value,
>> If you enter '.', the field will be left blank.
>> -----
>> US []:
>>
>> What did I miss?
>>
> Since this is the req command try "prompt = no" in the req section.
Thank you, but I did get past this point. I got prompt no working and
the way it worked, just did not work well enough.
I threw the towel in on ENV and did get -subj $DN working...
thanks
Bob
More information about the openssl-users
mailing list