OpenSSL - OpenSSL "req new -batch" - Using DN Default Values Only

OpenSSL "req new -batch" - Using DN Default Values Only

Q

How to run OpenSSL "req -new" command in batch mode? I don't OpenSSL to use DN default values only and do not prompt me.

✍: FYIcenter.com

A

If you have DN (Distinguished Name) default values provided in the configuration file, you can run OpenSSl "req -new -batch" command to take default values only without prompt as shown below:

C:\Users\fyicenter>type test.cnf
# unnamed section of generic options
default_md = md5

# default section for "req" command options
[req]
input_password     = fyicenter
prompt             = yes
distinguished_name = my_req_dn_prompt

[my_req_dn_prompt]

# Minimum of 4 bytes are needed for common name
commonName         = Common Name
commonName_default = FYIcenter.com CA

# ISO2 country code only
countryName         = Country Name
countryName_default = US

# State is optional, no minimum limit
stateOrProvinceName         = State
stateOrProvinceName_default = NY

# City is required
localityName         = City
localityName_default = New York

# Organization is optional
organizationName         = Organization
organizationName_default = FYIcenter.com

# Organization Unit is optional
organizationalUnitName         = Department
organizationalUnitName_default = IT

# Email is optional
emailAddress         = Email
emailAddress_default = ca@fyicenter.com

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf -batch

OpenSSL> req -in test.csr -text -noout
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=FYIcenter.com CA, C=US, ST=NY, L=New York, O=FYIcenter.com, 
                 OU=IT/emailAddress=ca@fyicenter.com
...

The output confirms that "req -new -batch" uses DN default values without prompting the user.

⇒ OpenSSL "req -new" - "no objects specified in config file" Error

⇐ OpenSSL "req" - "prompt=yes" Mode with DN Defaults

⇑ OpenSSL "req" Command

⇑⇑ OpenSSL Tutorials

2016-10-29, 1463👍, 0💬

OpenSSL "req new -batch" - Using DN Default Values Only
How to run OpenSSL "req -new" command in batch mode? I don't OpenSSL to use DN default values only and do not prompt me. If you have DN (Distinguished Name) default values provided in the configuration file, you can run OpenSSl "req -new -batch" command to take default values only without prompt as ... 2016-10-29, 1464👍, 0💬

OpenSSL "req" - "prompt=yes" Mode with DN Validations
How to specify DN value length limit validations when using the "prompt=yes" mode of the OpenSSL "req -new" command? If you are using "prompt=yes" mode, you can also set DN (Distinguished Name) value length limits in the configuration file. OpenSSL will perform value length validations for you. For ... 2016-10-30, 1153👍, 0💬

OpenSSL "req -new" - Repeating DN Fields
Can I repeat a DN field multiple times in the configuration file for the OpenSSL "req -new" command? Yes, you can repeat a DN (Distinguished Name) field multiple times in the configuration file. This can be done by prefix the DN field name with "0.", "1.", and so on. For example. "0.emailAddress=Ema... 2016-10-27, 1144👍, 0💬

OpenSSL "req" - "prompt=yes" Mode with DN Defaults
How to specify DN value defaults when using the "prompt=yes" mode of the OpenSSL "req -new" command? If you are using "prompt=yes" mode, you can also set DN (Distinguished Name) default values in the configuration file. OpenSSL will prompt the user for DN fields with default values. The user can pre... 2016-10-29, 1136👍, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.