I need to automate X509 SSL certificate generation in a bash script (without prompting for any strings on the console).
I generate an SSL key and cert request automatically, but I cannot automate certificate generation without a password prompt.
These commands work without a prompt:
openssl genrsa -des3 -passout pass:passwd -out testem/2.key 1024
openssl req -new -passin pass:passwd -subj "/" -key testem/2.key -out testem/2.csr
This command requests password input:
openssl x509 -req -days 365 -in testem/2.csr -signkey testem/2.key -out testem/2.crt
I can't find the option "-passout" in the manual of the command "x509".
What can be done?
You need to supply the password, like this for example:
openssl x509 -passin pass:passwd -req -days 365 -in testem/2.csr -signkey testem/2.key -out testem/2.crt
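The same three steps as an added example (not part of the original thread), with `-passin` given to every command that opens the key. It goes one step beyond the answer by reading the passphrase from a file through OpenSSL's `file:` source, because a `pass:` argument is visible in the process list. The function names, file names, subject, and the 2048-bit/AES-256 choices are assumptions.

```shell
#!/bin/sh
# Added example, not code from the thread. Function names, file names, the
# subject and the 2048-bit/AES-256 choices are assumptions for this sketch.
# "pass:..." on the command line is visible to other local users through the
# process list; "file:" keeps the passphrase out of argv.

# gen_selfsigned DIR PASSFILE SUBJECT
# Writes DIR/server.key (encrypted), DIR/server.csr and DIR/server.crt
# without any prompt. The body is a subshell, so umask stays local.
gen_selfsigned() (
    dir=$1 passfile=$2 subj=$3
    umask 077
    openssl genrsa -aes256 -passout "file:$passfile" \
        -out "$dir/server.key" 2048 &&
    openssl req -new -passin "file:$passfile" -subj "$subj" \
        -key "$dir/server.key" -out "$dir/server.csr" &&
    # x509 accepts -passin as well; without it this step prompts
    openssl x509 -req -days 365 -passin "file:$passfile" \
        -in "$dir/server.csr" -signkey "$dir/server.key" \
        -out "$dir/server.crt"
)

# cert_matches_key DIR PASSFILE
# Succeeds when the certificate carries the public half of the private key.
cert_matches_key() (
    dir=$1 passfile=$2
    from_cert=$(openssl x509 -in "$dir/server.crt" -noout -pubkey) || exit 1
    from_key=$(openssl pkey -in "$dir/server.key" \
        -passin "file:$passfile" -pubout) || exit 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
)

# Demo run in a throwaway directory with a random passphrase.
demo() (
    work=$(mktemp -d) || exit 1
    trap 'rm -rf "$work"' EXIT
    umask 077
    openssl rand -base64 24 > "$work/pass" &&
    gen_selfsigned "$work" "$work/pass" "/CN=example.test" &&
    cert_matches_key "$work" "$work/pass" &&
    openssl x509 -in "$work/server.crt" -noout -subject -enddate
)

demo
```
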
Related
I want to list certificates from .p12 file and then use openssl x509 -enddate to output their expiration date. Here is my command:
openssl pkcs12 -in /download/key.p12 -nokeys -passin pass:"123456" -clcerts | openssl x509 -enddate
However, it just stopped after processing the first certificate, but in key.p12 there are other certificates and I want to know them all.
Is there a good way to browse all certificates and then get all of their expiration dates?
I'm currently working on generating a certificate and private key and trying to import them into a PKCS#12 file; however, when I try to generate it, I get an error from OpenSSL. For my tests, I have to insert a friendly name for my private key when the p12 is generated. Here are some details:
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
openssl pkcs12 -export -in server.crt -inkey server.key -out server.p12 -name "otto"
After this last command, I enter the server.key passphrase, enter an export password, and after that, a window appears informing me that OpenSSL crashed...
I already searched for solutions, but found nothing useful. Does anyone have an idea?
Thank you for your help
Regards
After running this:
openssl pkcs12 -in path.p12 -out newfile.crt.pem -clcerts -nokeys
I get prompted with the option descriptions.
After running this:
openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes
I get prompted with "Enter Import Password:". What is this import password? I tried the one I set from the Firefox backup and it responded with "Mac verify error: invalid password?". I'm sure that the password is correct because I tested it by importing it again into Firefox.
I got the commands from the answer to this question!
I experienced the same thing too. Try to put the password in the command line like this. It works for me:
openssl pkcs12 -in path.p12 -out newfile.key.pem -nocerts -nodes -password pass:<mypassword>
I am like 95% done with my shell script to install a Debian mail server from a fresh install. This is based on my currently running mail server that I know to be working. What I have done is capture user input for the required info for the SSL, but every time I try to generate the SSL unattended with openssl it fails. Any chance someone can help me? I have tried the following, which works for mysql changes but didn't work for me.
openssl req -new -x509 -days 3650 -nodes -out /etc/ssl/certs/postfix.pem -keyout /etc/ssl/private/postfix.pem<<EOF
$country
$state
$city
$org
$unit
$commonname
$email
EOF
This gets me as far as this and then I have to hit enter... not cool as I need to not have to hit anything. Any ideas?
What I've used with SaltStack is:
openssl req -new -x509 -days 365 -nodes \
-out /etc/ssl/certs/postfix.pem \
-keyout /etc/ssl/private/postfix.pem \
-subj "/C=RO/ST=Bucharest/L=Bucharest/O=IT/CN=www.example.ro"
Credit goes to Sean P. Kane.
How can I send the RSA key to openssl rsautl without putting it in a file first?
What I would like to do:
openssl rsautl -decrypt -inkey "MII3f....324=="
instead of
openssl rsautl -decrypt -inkey privateKey.pem
Seems like it's impossible. The docs don't show any arguments that would allow this.
I guess I'll have to write a C++ wrapper.