
non interactive key generation - windows ver

Posted: Thu Feb 10, 2011 10:33 am
by maikcat
Personally I prefer Linux for generating certificates;
one reason is the non-interactive mode for generating certificates, which
can be accomplished by simply editing and removing the --interactive statement
found inside the build-key script.

Because the same functionality cannot be found in Windows, I decided to search for it...

Here is my workaround:

1) edit the build-key.bat

original form

@echo off
cd %HOME%
rem build a request for a cert that will be valid for ten years
openssl req -days 3650 -nodes -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem sign the cert request with our ca, creating a cert/key pair
openssl ca -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem delete any .old files created in this process, to avoid future file creation errors
del /q %KEY_DIR%\*.old


after changes

@echo off
SET KEY_CN=%1
cd %HOME%
rem build a request for a cert that will be valid for ten years
openssl req -batch -days 3650 -nodes -new -keyout %KEY_DIR%\%1.key -out %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem sign the cert request with our ca, creating a cert/key pair
openssl ca -batch -days 3650 -out %KEY_DIR%\%1.crt -in %KEY_DIR%\%1.csr -config %KEY_CONFIG%
rem delete any .old files created in this process, to avoid future file creation errors
del /q %KEY_DIR%\*.old

Basically I added the -batch statement to both openssl commands and also set the KEY_CN value at the start of the script.

2) edit the openssl.cnf file

and add this at line 131

commonName_default = $ENV::KEY_CN

this goes above the line
commonName = Common Name (eg, your name or your server\'s hostname)

Now you can create certificates non-interactively under Windows...


Hope it helps someone.

Michael.
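
Added example, not part of the post above and not easy-rsa's own code: a POSIX shell sketch of the same mechanism (`commonName_default = $ENV::KEY_CN` combined with `-batch`) that also checks the name before use and reads the CN back from the finished request. The function names and the minimal config are constructed for illustration; a real easy-rsa openssl.cnf has more sections and fields.

```shell
#!/bin/sh
# Added example: function names and this minimal config are hypothetical.

# Write a minimal request config that takes the CN from the KEY_CN variable.
write_demo_cnf() {
    cat > "$1/openssl.cnf" <<'EOF'
[ req ]
default_bits = 2048
distinguished_name = req_distinguished_name

[ req_distinguished_name ]
commonName_default = $ENV::KEY_CN
commonName = Common Name (eg, your name or your server\'s hostname)
commonName_max = 64
EOF
}

# issue_csr NAME DIR: create DIR/NAME.key and DIR/NAME.csr without prompts,
# then print the CN found in the request so the caller can compare it.
issue_csr() {
    name=$1 dir=$2
    # With -batch nobody sees the subject before it is used, so check the
    # name first: reject empty values and anything outside a safe set.
    case $name in
        ''|*[!A-Za-z0-9._-]*) echo "invalid name: '$name'" >&2; return 1 ;;
    esac
    # Never overwrite an existing private key.
    [ ! -e "$dir/$name.key" ] || { echo "key exists: $name" >&2; return 1; }
    (
        umask 077   # -nodes writes the key unencrypted; keep it owner-only
        KEY_CN=$name openssl req -batch -nodes -new \
            -keyout "$dir/$name.key" -out "$dir/$name.csr" \
            -config "$dir/openssl.cnf" 2>/dev/null
    ) || return 1
    # Read the subject back from the CSR instead of trusting the input.
    openssl req -in "$dir/$name.csr" -noout -subject -nameopt RFC2253 |
        sed -n 's/^subject= *CN=//p'
}
```

Compare the printed CN with the name you requested before handing the CSR to `openssl ca -batch`, since that step signs without asking for confirmation.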

Re: non interactive key generation - windows ver

Posted: Thu Mar 03, 2011 8:00 am
by nash
Nice !!

Re: non interactive key generation - windows ver

Posted: Tue Jun 07, 2011 6:07 pm
by hi007007
Hey, can you please help me get the same thing working in Linux? Thanks.

Re: non interactive key generation - windows ver

Posted: Wed Jun 08, 2011 6:53 am
by maikcat
Hi there,

in Linux things are easier,

simply edit the build-key script and remove the --interactive parameter...

cheers,

Michael.

[SOLVED]Re: non interactive key generation - windows ver

Posted: Wed Jun 08, 2011 11:32 pm
by hi007007
Thanks for your reply. It works for me. I really appreciate it.