OpenSSL "req" - "prompt=no" Mode

Q

How to use the "prompt=no" mode of the OpenSSL "req -new" command? I want to specify DN field values directly in the configuration file.

✍: FYIcenter.com

A

You can use "prompt=no" mode of the OpenSSL "req -new" command as shown below, if you set "prompt=no" and provide DN (Distinguished Name) field values in the configuration file.

C:\Users\fyicenter>type test.cnf
# unnamed section of generic options
default_md = md5

# default section for "req" command options
[req]
input_password      = fyicenter
prompt = no
distinguished_name  = my_req_dn_no_prompt

[my_req_dn_no_prompt]
commonName             = FYIcenter.com CA
countryName            = US
stateOrProvinceName    = NY
localityName           = New York
organizationName       = FYI Center
organizationalUnitName = IT
emailAddress           = ca@fyicenter.com

C:\Users\fyicenter>\local\openssl\openssl.exe
OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf
   
OpenSSL> req -in test.csr -text -noout
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=FYIcenter.com CA, C=US, ST=NY, L=New York, O=FYI Center, OU=IT
                 /emailAddress=ca@fyicenter.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
...

As you can see from the output, the "req -new" command executed correctly in the "prompt=no" mode. distinguished_name section options are used as DN filed values.

 

OpenSSL "req" - "prompt=yes" Mode

OpenSSL "req" - distinguished_name Configuration Section

OpenSSL "req" Command

⇑⇑ OpenSSL Tutorials

2016-11-02, 1384👍, 0💬