发表新帖
发表新帖

is it possible making openssl skipping the country/common name prompts?

后端 未结
关注
5 1721
长情又很酷
长情又很酷 2021-01-31 13:05

Is there a way to make openssl skiping the prompts such as 

Country Name (2 letter code) [US]:
Organization Name (eg, company) [My Company Name LTD.]:
Common Nam
5条回答
  • 佛祖请我去吃肉
    佛祖请我去吃肉 (楼主)
    2021-01-31 13:49

    A mixed approach is not supported

    It may be intuitive to think that a mixed approach is possible, where you may think of putting some static fields in openssl.cnf and specify some (CN) via -subj option. However, that does not work.

    I tested a scenario where I

    • put C, ST, L, O and OU in the openssl.cnf section req_distinguished_name and
    • ran openssl req with -subj=/CN=www.mydom.com.

    openssl complained that mandatory Country Name field is missing and the generated certificate just had CN in the subject line. Seems like -subj option completely overrides the subject line and does not allow updating a single field.

    This makes all following three approaches of supplying subject fields exclusive to each other:

    • Prompts
    • config file
    • -subj option

    0 讨论(0)
 看不清?
提交回复
热议问题