I can create a self-signed certificate using this command
openssl req -new -newkey rsa:2048 -days 365 -nodes -x509 -keyout server.key -out server.crtBut is it possible to pass arguments like “Country Name,” “State or Province Name” etc. to OpenSSL to automate this process?
11 Answer
This website explains very well how to do this:
The magic of CSR generation without being prompted for values which go in the certificate's subject field, is in the
-subjoption.-subj arg Replaces subject field of input request with specified data and outputs modified request. The arg must be formatted as /type0=value0/type1=value1/type2=..., characters may be escaped by \ (backslash), no spaces are skipped.
For example:
openssl ... -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com"See more details on the page I linked above.
3
