On 08/17/2017 04:17 PM, Robert Moskowitz wrote:
On 08/17/2017 04:09 PM, Salz, Rich wrote:
Use the –batch flag to avoid all prompting
I commented out the prompt line and tried again:
openssl req -config openssl-root.cnf -key private/ca.key.pem \
> -new -x509 -days 7300 -sha256 -batch -extensions v3_ca -out
certs/ca.cert.pem
Enter pass phrase for private/ca.key.pem:
error, no objects specified in config file
problems making Certificate Request
Is it not liking the use of ENV for the DN objects? It worked for
$ENV::dir...
export
...
declare -x adminemail="postmaster@xxxxxxxxxxxxxxx"
declare -x commonName="Root CA"
declare -x countryName="US"
declare -x dir="/root/ca"
declare -x localityName="Oak Park"
declare -x organizationName="HTT Consulting"
declare -x organizationalUnitName=""
declare -x stateOrProvinceName="MI"
[ req_distinguished_name ]
# See <https://en.wikipedia.org/wiki/Certificate_signing_request>.
countryName = $ENV::countryName
stateOrProvinceName = $ENV::stateOrProvinceName
localityName = $ENV::localityName
0.organizationName = $ENV::organizationName
organizationalUnitName = $ENV::organizationalUnitName
commonName = $ENV::commonName
When I put the prompt = no in the beginning of the [req] section ( saw
that on one site), I get:
problems making Certificate Request
140134179792760:error:0D07A098:asn1 encoding
routines:ASN1_mbstring_ncopy:string too short:a_mbstr.c:151:minsize=1
Is ENV not working in [req_distinguished_name]?
--
openssl-users mailing list
To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
