I am generating a root certificate with a bash script.
I have a rootCA_openssl.cnf file with the configuration data:
rootCA_openssl.cnf
[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
countryName = NO
countryName_default = NO
stateOrProvinceName = Stavanger
stateOrProvinceName_default = Stavanger
organizationName = Stavanger Info
organizationName_default = Stavanger Info
commonName = 88.5.44.3
commonName_default = 88.5.44.3
[ v3_req ]
basicConstraints = CA:true
keyUsage = critical, keyCertSign
Generate RSA
openssl genrsa -aes256 -out rootCA.key --passout pass:password 2048
Create a CSR (Certificate Signing Request) file for root CA certificate
When I try to generate a CSR file Ubuntu promps me with the configuration.
openssl req -new -key rootCA.key -out rootCA.csr -config rootCA_openssl.cnf --passin pass:password
This is what Ubuntu asks me for:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
NO [NO]:
I am going to run the command in a bash script, so I cannot press enter on the keyboard for the questions.
How can I run openssl req without beeing asked for this?
You need to add
prompt = no
to your[ req ]
section.From the
man
page: