How tell OpenSSL to prompt?

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

How tell OpenSSL to prompt?

Charles Mills

This is probably the world’s most basic question but I can’t find the answer.

 

I have the following in my OpenSSL config file:

 

<snip>

[ usr_cert ]

<snip>

subjectAltName =                           @alt_names

<snip>

[ alt_names ]

DNS.1 = foo.com

DNS.2 = bar.com

<snip>

 

It’s working as expected. But what I am trying to get it to do is either prompt the user, or accept foo.com and bar.com on the command line. How do I do that?

 

Is there documentation for the basic scheme of the configuration file? All I have found is documentation for particular usages, but no syntax overview; how you might say DNS.1 = @prompt or something like that.

 

Thanks much.

 

Charles

Reply | Threaded
Open this post in threaded view
|

Re: How tell OpenSSL to prompt?

Dr. Stephen Henson
On Sat, Aug 18, 2012, Charles Mills wrote:

> This is probably the world's most basic question but I can't find the
> answer.
>
>  
>
> I have the following in my OpenSSL config file:
>
>  
>
> <snip>
>
> [ usr_cert ]
>
> <snip>
>
> subjectAltName =                           @alt_names
>
> <snip>
>
> [ alt_names ]
>
> DNS.1 = foo.com
>
> DNS.2 = bar.com
>
> <snip>
>
>  
>
> It's working as expected. But what I am trying to get it to do is either
> prompt the user, or accept foo.com and bar.com on the command line. How do I
> do that?
>
> Is there documentation for the basic scheme of the configuration file? All I
> have found is documentation for particular usages, but no syntax overview;
> how you might say DNS.1 = @prompt or something like that.
>
>  

There is no prompt option but you can use the $ENV syntax to expand an
environment variable and use that on the command line.

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: How tell OpenSSL to prompt?

Charles Mills
Thanks.

I apologize -- I freely admit I have not RTFM. Where IS the top level documentation for the configuration file? Where is the starting point?

I am missing some step here. I am running on Windows 7. I say

set VAR_DNS_1 = foo.com
set VAR_DNS_2 = bar.com

Then in the configuration file I say

[ alt_names ]
DNS.1 = $ENV::VAR_DNS_1 # line 224 of the configuration file
DNS.2 = $ENV::VAR_DNS_2

OpenSSL gives me the error

5288:error:0E065068:configuration file routines:STR_COPY:variable has no value:.\crypto\conf\conf_def.c:618:line 224

What else do I need to do? Thanks much, and apologies for the dumb questions.

Charles

<quote author="Dr. Stephen Henson">
On Sat, Aug 18, 2012, Charles Mills wrote:

<snip> 

There is no prompt option but you can use the $ENV syntax to expand an
environment variable and use that on the command line.
Reply | Threaded
Open this post in threaded view
|

Re: How tell OpenSSL to prompt?

Jakob Bohm-7
On 19-08-2012 15:05, CharlesTSR wrote:

>> On Sat, Aug 18, 2012, Charles Mills wrote:
>>> <snip>
>> There is no prompt option but you can use the $ENV syntax to expand an
>> environment variable and use that on the command line.
> Thanks.
> I apologize -- I freely admit I have not RTFM. Where IS the top level
> documentation for the configuration file? Where is the starting point?

http://www.openssl.org/docs/apps/config.html

> I am missing some step here. I am running on Windows 7. I say
> set VAR_DNS_1 = foo.com
> set VAR_DNS_2 = bar.com
> Then in the configuration file I say
> [ alt_names ]
> DNS.1 = $ENV::VAR_DNS_1 # line 224 of the configuration file
> DNS.2 = $ENV::VAR_DNS_2
> OpenSSL gives me the error
> 5288:error:0E065068:configuration file routines:STR_COPY:variable has no
> value:.\crypto\conf\conf_def.c:618:line 224
> What else do I need to do? Thanks much, and apologies for the dumb
> questions.

Did you run openssl.exe from the same command prompt where you
typed the SET commands?

Enjoy

Jakob

--
Jakob Bohm, CIO, Partner, WiseMo A/S.http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: How tell OpenSSL to prompt?

Charles Mills
> http://www.openssl.org/docs/apps/config.html

Okay, thanks, I had seen that. I thought there must be more.

> Did you run openssl.exe from the same command prompt where you
> typed the SET commands?

Absolutely. It is in fact a .BAT file. The following is an exact
cut-and-paste from the file, with only the one node name slightly censored:

set VAR_DNS_1 = MYNOTEBOOK
set VAR_DNS_2 = localhost

C:\OpenSSL-Win32\bin\openssl.exe req -newkey rsa:2048 -sha1 -keyout
%1_server.key.pem -out %1_server.req.pem

Do I also need an [ ENV ] section?

Charles

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of [hidden email]
Sent: Sunday, August 19, 2012 11:17 PM
To: [hidden email]
Subject: Re: How tell OpenSSL to prompt?

On 19-08-2012 15:05, CharlesTSR wrote:

>> On Sat, Aug 18, 2012, Charles Mills wrote:
>>> <snip>
>> There is no prompt option but you can use the $ENV syntax to expand an
>> environment variable and use that on the command line.
> Thanks.
> I apologize -- I freely admit I have not RTFM. Where IS the top level
> documentation for the configuration file? Where is the starting point?

http://www.openssl.org/docs/apps/config.html

> I am missing some step here. I am running on Windows 7. I say
> set VAR_DNS_1 = foo.com
> set VAR_DNS_2 = bar.com
> Then in the configuration file I say
> [ alt_names ]
> DNS.1 = $ENV::VAR_DNS_1 # line 224 of the configuration file
> DNS.2 = $ENV::VAR_DNS_2
> OpenSSL gives me the error
> 5288:error:0E065068:configuration file routines:STR_COPY:variable has no
> value:.\crypto\conf\conf_def.c:618:line 224
> What else do I need to do? Thanks much, and apologies for the dumb
> questions.

Did you run openssl.exe from the same command prompt where you
typed the SET commands?

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: How tell OpenSSL to prompt?

Dr. Stephen Henson
On Mon, Aug 20, 2012, Charles Mills wrote:

> > http://www.openssl.org/docs/apps/config.html
>
> Okay, thanks, I had seen that. I thought there must be more.
>
> > Did you run openssl.exe from the same command prompt where you
> > typed the SET commands?
>
> Absolutely. It is in fact a .BAT file. The following is an exact
> cut-and-paste from the file, with only the one node name slightly censored:
>
> set VAR_DNS_1 = MYNOTEBOOK
> set VAR_DNS_2 = localhost
>
> C:\OpenSSL-Win32\bin\openssl.exe req -newkey rsa:2048 -sha1 -keyout
> %1_server.key.pem -out %1_server.req.pem
>
> Do I also need an [ ENV ] section?
>

Try it without the spaces round the "="

Steve.
--
Dr Stephen N. Henson. OpenSSL project core developer.
Commercial tech support now available see: http://www.openssl.org
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

RE: How tell OpenSSL to prompt?

Charles Mills
Much better. Thanks. Sorry for the dumb question. I have limited Windows
development experience.

Charles

-----Original Message-----
From: [hidden email]
[mailto:[hidden email]] On Behalf Of Dr. Stephen Henson
Sent: Monday, August 20, 2012 9:11 AM
To: [hidden email]
Subject: Re: How tell OpenSSL to prompt?

On Mon, Aug 20, 2012, Charles Mills wrote:

> > http://www.openssl.org/docs/apps/config.html
>
> Okay, thanks, I had seen that. I thought there must be more.
>
> > Did you run openssl.exe from the same command prompt where you typed
> > the SET commands?
>
> Absolutely. It is in fact a .BAT file. The following is an exact
> cut-and-paste from the file, with only the one node name slightly
censored:
>
> set VAR_DNS_1 = MYNOTEBOOK
> set VAR_DNS_2 = localhost
>
> C:\OpenSSL-Win32\bin\openssl.exe req -newkey rsa:2048 -sha1 -keyout
> %1_server.key.pem -out %1_server.req.pem
>
> Do I also need an [ ENV ] section?
>

Try it without the spaces round the "="

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]