[openssl-users] scripting creating a cert

Viktor Dukhovni openssl-users at dukhovni.org
Fri Mar 10 01:17:12 UTC 2017

> On Mar 9, 2017, at 6:49 PM, Robert Moskowitz <rgm at htt-consult.com> wrote:
> I am creating self-signed certs with:
> openssl req -new -outform PEM -out certs/$your_host_tld.crt -newkey rsa:2048 -nodes -keyout private/$your_host_tld.key -keyform PEM -days 3650 -x509 -extensions v3_req
> Where, for example:
> your_host_tld=z9m9z.test.htt-consult.com
> Thing is that this then prompts for a number of fields

The simplest solution is to set the subject DN explicitly on the command-line:

   $ umask 077 # avoid world-readable private keys
   $ openssl req -new -newkey rsa:2048 -nodes -keyout private/$your_host_tld.key \
	-x509 -subj "/CN=$(uname -n)" -out certs/$your_host_tld.crt \
	-days 3650 -extensions v3_req

Fore more advanced related approaches see:



More information about the openssl-users mailing list