[openssl-users] scripting creating a cert
Viktor Dukhovni
openssl-users at dukhovni.org
Fri Mar 10 01:17:12 UTC 2017
> On Mar 9, 2017, at 6:49 PM, Robert Moskowitz <rgm at htt-consult.com> wrote:
>
> I am creating self-signed certs with:
>
> openssl req -new -outform PEM -out certs/$your_host_tld.crt -newkey rsa:2048 -nodes -keyout private/$your_host_tld.key -keyform PEM -days 3650 -x509 -extensions v3_req
>
> Where, for example:
>
> your_host_tld=z9m9z.test.htt-consult.com
>
> Thing is that this then prompts for a number of fields
The simplest solution is to set the subject DN explicitly on the command-line:
$ umask 077 # avoid world-readable private keys
$ openssl req -new -newkey rsa:2048 -nodes -keyout private/$your_host_tld.key \
-x509 -subj "/CN=$(uname -n)" -out certs/$your_host_tld.crt \
-days 3650 -extensions v3_req
Fore more advanced related approaches see:
https://raw.githubusercontent.com/openssl/openssl/master/test/certs/mkcert.sh
--
Viktor.
More information about the openssl-users
mailing list