CODEWITHSUNDEEP
ubuntuopenssl
user375566
user375566

Reputation:

OpenSSL unsigned certs silently

Having trouble with this -- a couple of other related posts out there, but nothing so specific. I'm trying to silently generate certs for a dev machine. These are the commands I originally ran, but was asked for a passphrase:

openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 1024 -in server.csr -signkey server.key -out server.crt

The first command below works, but the second doesn't quite work. I see the passin option, but am having trouble, as I'm still getting asked for a passphrase.

openssl genrsa -des3 -passout pass:$passphrase -out server.key 1024
openssl req -passout pass:$passphrase -new -key server.key -out server.csr
openssl x509 -req -days 1024 -in server.csr -signkey server.key -out server.crt

Upvotes: 3

Views: 6608

Answers (2)

Philip Murphy
Philip Murphy

Reputation: 830

Solution for Windows. Create a batch file (start-https-server.bat) with the following:

@echo off

if not exist ".\openssl.cnf" (
    @echo [ req ] > openssl.cnf
    @echo prompt = no >> openssl.cnf
    @echo distinguished_name = req_distinguished_name >> openssl.cnf
    @echo [ req_distinguished_name ] >> openssl.cnf
    @echo C = IE >> openssl.cnf
    @echo ST = Test State >> openssl.cnf
    @echo L = Test Locality >> openssl.cnf
    @echo O = Org Name >> openssl.cnf
    @echo OU = Org Unit Name >> openssl.cnf
    @echo CN = Common Name >> openssl.cnf
    @echo emailAddress = [email protected] >> openssl.cnf

    openssl req -newkey rsa:2048 -new -nodes -keyout key.pem -out csr.pem -config openssl.cnf
    openssl x509 -req -days 365 -in csr.pem -signkey key.pem -out cert.pem
)

Add the following to the end of the batch file to open the site using node's http-server (https://www.npmjs.com/package/http-server).

http-server -S -o

Caveat: this is only suitable for development.

Upvotes: 0

TheRyanBurke_AWS
TheRyanBurke_AWS

Reputation: 542

$ openssl genrsa -out server.key 1024
$ touch openssl.cnf
$ cat >> openssl.cnf <<EOF
[ req ]
prompt = no
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
C = GB
ST = Test State
L = Test Locality
O = Org Name
OU = Org Unit Name
CN = Common Name
emailAddress = [email protected]
EOF
$ openssl req -config openssl.cnf -new -key server.key -out server.csr
$ openssl x509 -req -days 1024 -in server.csr -signkey server.key -out server.crt

Upvotes: 15

Related Questions