Scripting openssl commands
hey all,
I am trying to write a script for generating a CA and having it sign a new key. but there are menus. which are standing in the way of scripting it. Could you help me script it out?
The steps that I am trying to script are:
[12:19 username@kennel03 mir]$ openssl genrsa -out rootCA.key 2048
Generating RSA private key, 2048 bit long modulus
............................+++
............................+++
e is 65537 (0x10001)
[12:19 username@kennel03 mir]$ openssl req -x509 -new -nodes -key rootCA.key -days 3650 -sha256 -out rootCA.pemYou are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Wisconsin
Locality Name (eg, city) [Default City]:Madison
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:kennel03
Email Address []:
[12:20 username@kennel03 mir]$ ls
rootCA.key rootCA.pem
[12:20 username@kennel03 mir]$ openssl genrsa -aes256 -out kennel03.key 2048
Generating RSA private key, 2048 bit long modulus
.....................+++
...................................................................................+++
e is 65537 (0x10001)
Enter pass phrase for kennel03.key:
Verifying - Enter pass phrase for kennel03.key:
[12:21 username@kennel03 mir]$ openssl req -new -key kennel03.key -out kennel03.csr
Enter pass phrase for kennel03.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Wisconsin
Locality Name (eg, city) [Default City]:Madison
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:Kennel03
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[12:22 username@kennel03 mir]$ ls
kennel03.csr kennel03.key rootCA.key rootCA.pem
[12:22 username@kennel03 mir]$ openssl x509 -req -in kennel03.csr -CA rootCA.pem -CAkey rootCA.key -CAcreateserial -out kennel03.crt -days 3650 -sha256
Signature ok
subject=/C=US/ST=Wisconsin/L=Madison/O=Default Company Ltd/CN=Kennel03
Getting CA Private Key
|