OpenSSL "req" - "prompt=yes" Mode with DN Defaults
How to specify DN value defaults when using the "prompt=yes" mode of the OpenSSL "req -new" command?
✍: FYIcenter.com
If you are using the "prompt=yes" mode, you can also set default values for DN (Distinguished Name) fields in the configuration file. OpenSSL then prompts the user for each DN field and shows its default value in brackets. The user can press the "Enter" key to accept the default.
Note that to discard a default value and leave the field blank, you can enter "." at the prompt.
For example, "countryName=Country Name" and "countryName_default=US" tell OpenSSL to prompt the user with "Country Name [US]:" for the countryName field. The user can press the "Enter" key to take "US", enter "." to remove "US", or enter "CA" for another country.
Below is a test showing you how to set DN default values, alongside DN value length limits, in the OpenSSL configuration file.
    C:\Users\fyicenter>type test.cnf
    # unnamed section of generic options
    default_md = md5

    # default section for "req" command options
    [req]
    input_password = fyicenter
    prompt = yes
    distinguished_name = my_req_dn_prompt

    [my_req_dn_prompt]
    # Minimum of 4 bytes are needed for common name
    commonName = Common Name
    commonName_min = 4
    commonName_max = 32
    commonName_default = FYIcenter.com Root CA

    # ISO2 country code only
    countryName = Country Name
    countryName_min = 2
    countryName_max = 2
    countryName_default = US

    # State is optional, no minimum limit
    stateOrProvinceName = State
    stateOrProvinceName_max = 24
    stateOrProvinceName_default = NY

    # City is required
    localityName = City
    localityName_min = 3
    localityName_max = 24
    localityName_default = New York

    # Organization is optional
    organizationName = Organization
    organizationName_max = 48
    organizationName_default = FYIcenter.com

    # Organization Unit is optional
    organizationalUnitName = Department
    organizationalUnitName_max = 48
    organizationalUnitName_default = IT

    # Email is optional
    emailAddress = Email
    emailAddress_max = 48
    emailAddress_default = ca@fyicenter.com

    C:\Users\fyicenter>\local\openssl\openssl.exe
    OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Common Name [FYIcenter.com CA]:
    Country Name [US]:
    State [NY]:
    City [New York]:
    Organization [FYIcenter.com]:
    Department [IT]:.
    Email [ca@fyicenter.com]:root@fyicenter.com

    OpenSSL> req -in test.csr -text -noout
    Certificate Request:
        Data:
            Version: 0 (0x0)
            Subject: CN=FYIcenter.com CA, C=US, ST=NY, L=New York, O=FYIcenter.com/emailAddress=root@fyicenter.com
    ...
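As you can see from the test, setting DN default values makes the OpenSSL "req -new" command much easier to use. You can keep pressing the "Enter" key if you are happy with the default values. Note that the test file sets "default_md = md5" and stores the key password in plain text in "input_password"; for real requests, use a SHA-2 digest such as sha256 and keep the password out of the configuration file.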
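The prompt rules described above (Enter takes the default, "." drops the field, any other input overrides it), as an added example that is not from the original page or from OpenSSL: a small Python model run on an abridged, constructed copy of the page's [my_req_dn_prompt] section. The helper names load_fields, in_range, resolve_subject and bad_defaults are hypothetical, and the byte-based length count and the repeated prompt on an out-of-range value are assumptions of the model.

```python
import configparser

# Constructed sample: four fields from the page's [my_req_dn_prompt] section.
CNF = """[my_req_dn_prompt]
commonName = Common Name
commonName_min = 4
commonName_default = FYIcenter.com Root CA
countryName = Country Name
countryName_min = 2
countryName_max = 2
countryName_default = US
organizationalUnitName = Department
organizationalUnitName_default = IT
emailAddress = Email
emailAddress_default = ca@fyicenter.com
"""

def load_fields(text, section):
    """Return [(field, default, min, max)] in file order; -1 means no limit."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.optionxform = str  # keep key case (commonName, not commonname)
    cp.read_string(text)
    sec = cp[section]
    return [(k, sec.get(k + "_default", ""), int(sec.get(k + "_min", "-1")),
             int(sec.get(k + "_max", "-1")))
            for k in sec if not k.endswith(("_default", "_min", "_max"))]

def in_range(value, lo, hi):
    size = len(value.encode())  # assumption: limits are counted in bytes
    return not ((lo > 0 and size < lo) or (hi >= 0 and size > hi))

def resolve_subject(fields, answers):
    """Model of the prompts: '' = Enter, '.' = drop the field, else override."""
    typed, subject = iter(answers), []
    for name, default, lo, hi in fields:
        for answer in typed:  # assumption: out-of-range input is asked again
            value = answer or default
            if answer == "." or not value:
                break  # field is left out of the subject
            if in_range(value, lo, hi):
                subject.append((name, value))
                break
        else:
            raise ValueError(f"no answer left for {name}")
    return subject

def bad_defaults(fields):
    """Fields whose default breaks its own limit in this model."""
    return [n for n, d, lo, hi in fields if d and not in_range(d, lo, hi)]
```

Running bad_defaults over a configuration before handing it to users catches a default that its own _min or _max would reject.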
2016-10-29