OpenSSL "req new -batch" - Using DN Default Values Only

Q

How to run OpenSSL "req -new" command in batch mode? I don't OpenSSL to use DN default values only and do not prompt me.

✍: FYIcenter.com

A

If you have DN (Distinguished Name) default values provided in the configuration file, you can run OpenSSl "req -new -batch" command to take default values only without prompt as shown below:

C:\Users\fyicenter>type test.cnf
# unnamed section of generic options
default_md = md5

# default section for "req" command options
[req]
input_password     = fyicenter
prompt             = yes
distinguished_name = my_req_dn_prompt

[my_req_dn_prompt]

# Minimum of 4 bytes are needed for common name
commonName         = Common Name
commonName_default = FYIcenter.com CA

# ISO2 country code only
countryName         = Country Name
countryName_default = US

# State is optional, no minimum limit
stateOrProvinceName         = State
stateOrProvinceName_default = NY

# City is required
localityName         = City
localityName_default = New York

# Organization is optional
organizationName         = Organization
organizationName_default = FYIcenter.com

# Organization Unit is optional
organizationalUnitName         = Department
organizationalUnitName_default = IT

# Email is optional
emailAddress         = Email
emailAddress_default = ca@fyicenter.com

C:\Users\fyicenter>\local\openssl\openssl.exe

OpenSSL> req -new -key rsa_test.key -out test.csr -config test.cnf -batch

OpenSSL> req -in test.csr -text -noout
Certificate Request:
    Data:
        Version: 0 (0x0)
        Subject: CN=FYIcenter.com CA, C=US, ST=NY, L=New York, O=FYIcenter.com, 
                 OU=IT/emailAddress=ca@fyicenter.com
...

The output confirms that "req -new -batch" uses DN default values without prompting the user.

⇒ OpenSSL "req -new" - "no objects specified in config file" Error

⇐ OpenSSL "req" - "prompt=yes" Mode with DN Defaults

⇑ OpenSSL "req" Command

⇑⇑ OpenSSL Tutorials

2016-10-29, 2060👍, 0💬

OpenSSL "req" - distinguished_name Configuration Section
What is the distinguished_name section in the OpenSSL configuration file? The distinguished_name section in the OpenSSL configuration file is a required section of options when using OpenSSL "req -new" or "req -newkey" commands to generate a new CSR or self-signed certificate. distinguished_name sec... 2016-11-02, 8836👍, 0💬

OpenSSL "req" - X509 V3 Extensions Configuration Options
What are X509 V3 extensions options in the configuration file for the OpenSSL "req" command? X509 V3 extensions options in the configuration file allows you to add extension properties into x.509 v3 certificate when you use OpenSSL commands to generate CSR and self-signed certificates. X509 V3 exten... 2016-10-26, 4792👍, 0💬

OpenSSL "req -new -reqexts" - Specify CSR V3 Extensions
How to specify x.509 v3 extensions options in the configuration file for generating CSR using the OpenSSL "req" command? You can use x.509 v3 extensions options when using OpenSSL "req -new" command to generate a CSR (Certificate Signing Request). The provided x509 extensions will be included in the... 2016-10-25, 4453👍, 0💬

OpenSSL "req" - "prompt=no" Mode
How to use the "prompt=no" mode of the OpenSSL "req -new" command? I want to specify DN field values directly in the configuration file. You can use "prompt=no" mode of the OpenSSL "req -new" command as shown below, if you set "prompt=no" and provide DN (Distinguished Name) field values in the confi... 2016-11-02, 3173👍, 0💬

OpenSSL "req -new" - DN Fields for Personal Certificates
How to use additional DN fields to create CSR for personal certificates? You can set additional DN fields in the configuration file to allow OpenSSL "req -new" command to generate CSR for personal certificates. Additional DN fields are: emailAddress, name, surname, givenName, initials and dnQualifie... 2016-10-27, 2360👍, 0💬

OpenSSL "req new -batch" - Using DN Default Values Only
How to run OpenSSL "req -new" command in batch mode? I don't OpenSSL to use DN default values only and do not prompt me. If you have DN (Distinguished Name) default values provided in the configuration file, you can run OpenSSl "req -new -batch" command to take default values only without prompt as ... 2016-10-29, 2061👍, 0💬

OpenSSL "req" - "prompt=yes" Mode
How to use the "prompt=yes" mode of the OpenSSL "req -new" command? I want to enter DN values at the command prompt. You can use "prompt=yes" mode of the OpenSSL "req -new" command as shown below, if you set "prompt=yes" and provide DN (Distinguished Name) field prompts in the configuration file. C:... 2016-10-30, 1794👍, 0💬

OpenSSL "req" - "prompt=yes" Mode with DN Defaults
How to specify DN value defaults when using the "prompt=yes" mode of the OpenSSL "req -new" command? If you are using "prompt=yes" mode, you can also set DN (Distinguished Name) default values in the configuration file. OpenSSL will prompt the user for DN fields with default values. The user can pre... 2016-10-29, 1590👍, 0💬

OpenSSL "req -new" - Repeating DN Fields
Can I repeat a DN field multiple times in the configuration file for the OpenSSL "req -new" command? Yes, you can repeat a DN (Distinguished Name) field multiple times in the configuration file. This can be done by prefix the DN field name with "0.", "1.", and so on. For example. "0.emailAddress=Ema... 2016-10-27, 1441👍, 0💬

All rights in the contents of this web site are reserved by the individual author. fyicenter.com does not guarantee the truthfulness, accuracy, or reliability of any contents.