Personaly i preffer linux for generating certficates,
one reason is the non interactive mode for generating certificates which
can be accomplished by simply editing and removing the --interactive statement
found inside the build-key script.
Because the same functionality cannot be found in windows i decided to search it over...
here is my workaround:
1) edit the build-key.bat
original form
@echo off
cd %HOME%
rem build a request for a cert that will be valid for ten years
openssl req -days 3650 -nodes -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem sign the cert request with our ca, creating a cert/key pair
openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem delete any .old files created in this process, to avoid future file creation errors
del /q %KEY_DIR%\*.old
after changes
@echo off
SET KEY_CN=%1
cd %HOME%
rem build a request for a cert that will be valid for ten years
openssl req -batch -days 3650 -nodes -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem sign the cert request with our ca, creating a cert/key pair
openssl ca -batch -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem delete any .old files created in this process, to avoid future file creation errors
del /q %KEY_DIR%\*.old
basically i added the -batch statement to both openssl commands and also set KEY_CN value on start of the script
2) edit openssl.cnf file
and add this at line 131
commonName_default = $ENV::KEY_CN
this is above line
commonName = Common Name (eg, your name or your server\'s hostname)
now you can create certificates non-interactively under windows...
Hope it helps someone.
Michael.
non interactive key generation - windows ver
Moderators: TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech, TinCanTech
-
maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
non interactive key generation - windows ver
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
nash
- OpenVpn Newbie
- Posts: 8
- Joined: Sat Feb 26, 2011 4:06 am
-
hi007007
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Jun 06, 2011 9:18 pm
Re: non interactive key generation - windows ver
Hey can please help me to work same thing into linux. Thanks.
-
maikcat
- Forum Team
- Posts: 4200
- Joined: Wed Jan 12, 2011 9:23 am
- Location: Athens,Greece
- Contact:
Re: non interactive key generation - windows ver
hi there,
in linux things are more easy,
simply edit build-key script and remove --interactive parameter...
cheers,
Michael.
in linux things are more easy,
simply edit build-key script and remove --interactive parameter...
cheers,
Michael.
Amiga 500 , Zx +2 owner
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
Long live Dino Dini (Kick off 2 Creator)
Inflammable means flammable? (Dr Nick Riviera,Simsons Season13)
"objects in mirror are losing"
-
hi007007
- OpenVpn Newbie
- Posts: 4
- Joined: Mon Jun 06, 2011 9:18 pm
[SOLVED]Re: non interactive key generation - windows ver
Thanks for your reply. Its works for me. I really appreciated.