OpenSSL "req" - "prompt=no" Mode

Q

How to use the "prompt=no" mode of the OpenSSL "req -new" command? I want to specify DN field values directly in the configuration file.

✍: FYIcenter.com

A

You can use "prompt=no" mode of the OpenSSL "req -new" command as shown below, if you set "prompt=no" and provide DN (Distinguished Name) field values in the configuration file.

C:\Users\fyicenter>type test.cnf
# unnamed section of generic options
default_md = md5

# default section for "req" command options
[req]
input_password      = fyicenter
prompt = no
distinguished_name  = my_req_dn_no_prompt

[my_req_dn_no_prompt]
commonName             = FYIcenter.com CA
countryName            = US
stateOrProvinceName    = NY
localityName           = New York
organizationName       = FYI Center
organizationalUnitName = IT
emailAddress           = ca@fyicenter.com

C:\Users\fyicenter>\local\openssl\openssl.exe
OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf
   
OpenSSL> req -in test.csr -text -noout
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=FYIcenter.com CA, C=US, ST=NY, L=New York, O=FYI Center, OU=IT
                 /emailAddress=ca@fyicenter.com
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)
...

As you can see from the output, the "req -new" command executed correctly in the "prompt=no" mode. distinguished_name section options are used as DN filed values.

⇒ OpenSSL "req" - "prompt=yes" Mode

⇐ OpenSSL "req" - distinguished_name Configuration Section

⇑ OpenSSL "req" Command

⇑⇑ OpenSSL Tutorials

2016-11-02, 5453👍, 0💬

OpenSSL "req" - distinguished_name Configuration Section
What is the distinguished_name section in the OpenSSL configuration file? The distinguished_name section in the OpenSSL configuration file is a required section of options when using OpenSSL "req -new" or "req -newkey" commands to generate a new CSR or self-signed certificate. distinguished_name sec... 2016-11-02, 14617👍, 0💬

OpenSSL "req -config" - Using Configuration File
Can I use my own configuration file when running "req" command? Yes, you can specify your own configuration file using the "-config file" option when running the "req" command. OpenSSL configuration file allows you to control the behavior of the "req" command with the following options: utf8 - If se... 2016-11-03, 5466👍, 0💬

OpenSSL "req" - "prompt=no" Mode
How to use the "prompt=no" mode of the OpenSSL "req -new" command? I want to specify DN field values directly in the configuration file. You can use "prompt=no" mode of the OpenSSL "req -new" command as shown below, if you set "prompt=no" and provide DN (Distinguished Name) field values in the confi... 2016-11-02, 5454👍, 0💬

OpenSSL "req new -batch" - Using DN Default Values Only
How to run OpenSSL "req -new" command in batch mode? I don't OpenSSL to use DN default values only and do not prompt me. If you have DN (Distinguished Name) default values provided in the configuration file, you can run OpenSSl "req -new -batch" command to take default values only without prompt as ... 2016-10-29, 2654👍, 0💬

OpenSSL "req" - "prompt=yes" Mode
How to use the "prompt=yes" mode of the OpenSSL "req -new" command? I want to enter DN values at the command prompt. You can use "prompt=yes" mode of the OpenSSL "req -new" command as shown below, if you set "prompt=yes" and provide DN (Distinguished Name) field prompts in the configuration file. C:... 2016-10-30, 2622👍, 0💬

OpenSSL "req -x509 -md5" - MD5 Digest for Signing
Can I using MD5 digest algorithm when generating a self-signed certificate using the OpenSSL "req -x509" command? Yes, you can use MD5 digest algorithm when generating a self-signed certificate using the OpenSSL "req -x509 -md5" command Without the "-md5" option, the default SHA256 digest algorithm ... 2016-11-05, 2571👍, 0💬

OpenSSL "req" - "prompt=yes" Mode with DN Defaults
How to specify DN value defaults when using the "prompt=yes" mode of the OpenSSL "req -new" command? If you are using "prompt=yes" mode, you can also set DN (Distinguished Name) default values in the configuration file. OpenSSL will prompt the user for DN fields with default values. The user can pre... 2016-10-29, 2481👍, 0💬

OpenSSL "req" - "prompt=yes" Mode with DN Validations
How to specify DN value length limit validations when using the "prompt=yes" mode of the OpenSSL "req -new" command? If you are using "prompt=yes" mode, you can also set DN (Distinguished Name) value length limits in the configuration file. OpenSSL will perform value length validations for you. For ... 2016-10-30, 1746👍, 0💬

OpenSSL Not Validate Signature in Self-Signed Certificate
Does OpenSSL "verify" command really validate the digital signature in a self-signed certificate? No, OpenSSL "verify" command does not validate the digital signature in a self-signed certificate. In the following test, a CSR with an RSA public key was "self-signed" by the OpenSSL "req -x509" comman... 2016-11-03, 1570👍, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.