trouble launching an automated script to create a self-signed certificate

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|

trouble launching an automated script to create a self-signed certificate

Shulman Alexandre
I'm trying to write a script able to create a self-signed certificate automaticaly. I'm using the command:
openssl req -new -key ${KEY} -x509 -out ${CERT}

Unfortunately, I have to enter the DN information manualy.
How can I get through the manual request to get the script to do it itself?


Nouveau : téléphonez moins cher avec Yahoo! Messenger ! Découvez les tarifs exceptionnels pour appeler la France et l'international. Téléchargez la version beta.
Reply | Threaded
Open this post in threaded view
|

RE: trouble launching an automated script to create a self-signed certificate

David C. Partridge
This may seem a stupid question, but why do you want or need to do this?

You can generate an SS cert with a validity of (say 1 year) and just use it
without needing to generate a new one every time the system starts up.   Is
there something special about the environment that I'm not aware of?

D.

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: trouble launching an automated script to create a self-signed certificate

Julien Demoor
In reply to this post by Shulman Alexandre
Shulman Alexandre wrote:

> I'm trying to write a script able to create a self-signed certificate
> automaticaly. I'm using the command:
> openssl req -new -key ${KEY} -x509 -out ${CERT}
>
> Unfortunately, I have to enter the DN information manualy.
> How can I get through the manual request to get the script to do it
> itself?

Write your script with Expect. It's a Tcl extension that handles
interaction with terminals. http://expect.nist.gov.


______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: trouble launching an automated script to create a self-signed certificate

Dmitry Belyavsky
In reply to this post by Shulman Alexandre
Greetings!

On Thu, 2 Mar 2006, Shulman Alexandre wrote:

> I'm trying to write a script able to create a self-signed certificate automaticaly. I'm using the command:
> openssl req -new -key ${KEY} -x509 -out ${CERT}
>
> Unfortunately, I have to enter the DN information manualy.
> How can I get through the manual request to get the script to do it itself?

-batch, and place necessary info into the req.conf file.

--
SY, Dmitry Belyavsky (ICQ UIN 11116575)

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: trouble launching an automated script to create a self-signed certificate

Brian Candler
In reply to this post by Shulman Alexandre
On Thu, Mar 02, 2006 at 11:52:50AM +0100, Shulman Alexandre wrote:
>    I'm trying to write a script able to create a self-signed certificate
>    automaticaly. I'm using the command:
>    openssl req -new -key ${KEY} -x509 -out ${CERT}
>    Unfortunately, I have to enter the DN information manualy.
>    How can I get through the manual request to get the script to do it
>    itself?

Try:

  openssl req .... -subj "/C=XX/O=Widgets Ltd/OU=Sales/CN=Joe Bloggs/"
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: trouble launching an automated script to create a self-signed certificate

Dr. Stephen Henson
In reply to this post by Shulman Alexandre
On Thu, Mar 02, 2006, Shulman Alexandre wrote:

> I'm trying to write a script able to create a self-signed certificate
> automaticaly. I'm using the command: openssl req -new -key ${KEY} -x509 -out
> ${CERT}
>
> Unfortunately, I have to enter the DN information manualy.  How can I get
> through the manual request to get the script to do it itself?
>

Read the fine manual. There is an example of template mode in there.

Don't use "keystoke simulators" BTW. If the order of the prompts changes or
new ones get added you'll have problems later.

Steve.
--
Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage
OpenSSL project core developer and freelance consultant.
Funding needed! Details on homepage.
Homepage: http://www.drh-consultancy.demon.co.uk
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [hidden email]
Automated List Manager                           [hidden email]
Reply | Threaded
Open this post in threaded view
|

Re: trouble launching an automated script to create a self-signed certificate

Shulman Alexandre
In reply to this post by Brian Candler


Brian Candler <[hidden email]> a écrit :
On Thu, Mar 02, 2006 at 11:52:50AM +0100, Shulman Alexandre wrote:
> I'm trying to write a script able to create a self-signed certificate
> automaticaly. I'm using the command:
> openssl req -new -key ${KEY} -x509 -out ${CERT}
> Unfortunately, I have to enter the DN information manualy.
> How can I get through the manual request to get the script to do it
> itself?

Try:

openssl req .... -subj "/C=XX/O=Widgets Ltd/OU=Sales/CN=Joe Bloggs/"
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [hidden email]
Automated List Manager [hidden email]


It says 'unkown option' for -subj . The problem is that I'm using an old version of openssl from 2001 (0.9.6b)

 


Nouveau : téléphonez moins cher avec Yahoo! Messenger ! Découvez les tarifs exceptionnels pour appeler la France et l'international. Téléchargez la version beta.