OpenSSL "req" - "prompt=yes" Mode


How to use the "prompt=yes" mode of the OpenSSL "req -new" command? I want to enter DN values at the command prompt.



To use the "prompt=yes" mode of the OpenSSL "req -new" command, set "prompt=yes" in the configuration file and provide the DN (Distinguished Name) field prompts in the section named by "distinguished_name", as shown below.

C:\Users\fyicenter>type test.cnf
# unnamed section of generic options
# (md5 is a weak digest; sha256 is the usual choice for new requests)
default_md = md5

# default section for "req" command options
[req]
input_password      = fyicenter
prompt              = yes
distinguished_name  = my_req_dn_prompt

# DN field prompts: option name = prompt text shown to the user
[my_req_dn_prompt]
commonName             = Common Name
countryName            = Country Name
stateOrProvinceName    = State
localityName           = City
organizationName       = Organization
organizationalUnitName = Department
emailAddress           = Email


OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Common Name [] CA
Country Name []:US
State []:NY
City []:New York
Organization []:FYI Center
Department []:IT
Email []:
OpenSSL> req -in test.csr -text -noout
Certificate Request:
        Version: 0 (0x0)
        Subject: CA, C=US, ST=NY, L=New York, O=FYI Center, OU=IT
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (1024 bit)

As you can see from the output, the "req -new" command ran correctly in "prompt=yes" mode. The options in the distinguished_name section are used as the DN field prompts.
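
The same prompts can also be answered from standard input, which shows that answers are consumed in the order the options appear in the distinguished_name section and that "." drops a field from the DN. This is an added example, not code from the original page; the file names, the DN values, the 2048-bit key and the sha256 digest are assumptions chosen for the demo.

```shell
# Added example (not from the original page): answer the "prompt=yes"
# DN prompts from stdin. File names and DN values are constructed.
make_csr() {
    dir=$1
    # Throwaway unencrypted 2048-bit RSA key, so no input_password is needed.
    openssl genrsa -out "$dir/demo.key" 2048 2>/dev/null || return 1

    # Same options as test.cnf, with explicit section headers and sha256
    # as the digest (assumption for this demo).
    cat > "$dir/demo.cnf" <<'EOF'
[req]
default_md          = sha256
prompt              = yes
distinguished_name  = my_req_dn_prompt

[my_req_dn_prompt]
commonName             = Common Name
countryName            = Country Name
stateOrProvinceName    = State
localityName           = City
organizationName       = Organization
organizationalUnitName = Department
emailAddress           = Email
EOF

    # One answer per prompt, in section order; "." leaves Email out of the DN.
    printf '%s\n' 'demo.example' 'US' 'NY' 'New York' 'Example Org' 'IT' '.' |
        openssl req -new -key "$dir/demo.key" -out "$dir/demo.csr" \
            -config "$dir/demo.cnf" 2>/dev/null || return 1
}

# Print the subject line of a CSR.
csr_subject() {
    openssl req -in "$1" -noout -subject
}

# Print the first "Signature Algorithm" line of a CSR.
csr_sigalg() {
    openssl req -in "$1" -noout -text | grep 'Signature Algorithm' | head -n 1
}

# Usage: d=$(mktemp -d) && make_csr "$d" && csr_subject "$d/demo.csr"
```

The subject printed by csr_subject lists the fields in the order of the configuration section, with no emailAddress entry.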


2016-10-30