我正在使用 bash 脚本生成根证书。
我有一个包含配置数据的 rootCA_openssl.cnf 文件:
rootCA_openssl.cnf
[ req ]
distinguished_name = req_distinguished_name
req_extensions = v3_req
[ req_distinguished_name ]
countryName = NO
countryName_default = NO
stateOrProvinceName = Stavanger
stateOrProvinceName_default = Stavanger
organizationName = Stavanger Info
organizationName_default = Stavanger Info
commonName = 88.5.44.3
commonName_default = 88.5.44.3
[ v3_req ]
basicConstraints = CA:true
keyUsage = critical, keyCertSign
生成 RSA
openssl genrsa -aes256 -out rootCA.key --passout pass:password 2048
为根 CA 证书创建 CSR(证书签名请求)文件
当我尝试生成 CSR 文件时,Ubuntu 会提示我配置。
openssl req -new -key rootCA.key -out rootCA.csr -config rootCA_openssl.cnf --passin pass:password
这是 Ubuntu 向我提出的要求:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
NO [NO]:
我将在 bash 脚本中运行命令,因此无法按下键盘上的 Enter 键来回答问题。
我怎样才能在不被要求的情况下运行 openssl req?
您需要添加
prompt = no到您的[ req ]部分。从
man页面: