I'm running a script which should create self-signing SSL certificate by cron, using standard openssl application. The problem is that application assumes user interaction, like waiting for user input. My goal is make this process completely automated.
Let's say, I generate RSA Private Key and CSR (Certificate Signing Request) from the Python script
p = Popen(['openssl', 'genrsa', '-des3', '-out', 'server.key', '1024'], stdout=PIPE, stdin=PIPE, stderr=STDOUT)
openssl
requires passphrase input by the user and verifying it, ie entering the same passphrase twice. If we had passphrase saved in the script, the code passing it to the stdin should look something like this (provided code does not work, just one of my experiments)
p.communicate(input=b'passphrase\npassphrase\n')[0]
Python 3.6.5, Windows 7
Complete bash script to automate
openssl genrsa -des3 -out server.key 1024
openssl req -new -key server.key -out server.csr
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
UPDATE Solution with openssl.cnf also appreciated
I managed to create an unattended solution with bash script only (even though I prefer Python for complete portability, and initial question far from the answer, though I can not edit it)
openssl genrsa -out server.key 1024
openssl req -new -sha256 -key server.key -out server.csr -subj "/C=NL/ST=Amsterdam/L=Amsterdam/O=Mycompany/OU=IT/CN=signature.mycompany.com"
cp server.key server.key.org
openssl rsa -in server.key.org -out server.key
openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.