openssl req -new with some default subj values

You can do it on the command line with read and using the result variable in your openssl command:

read -p "FQDN? " cn; openssl req -new -newkey rsa:2048 -sha256 -nodes -keyout $cn.key -subj "/CN=$cn\/emailAddress=admin@$cn/C=US/ST=Ohio/L=Columbus/O=Widgets Inc/OU=Some Unit" -out $cn.csr

If this is something you do often, make it a function and add it to your .bashrc file, which allows you to replace the prompt with an argument:

function csr { openssl req -new -newkey rsa:2048 -sha256 -nodes -keyout $1.key -subj "/CN=$cn\/emailAddress=admin@$1/C=US/ST=Ohio/L=Columbus/O=Widgets Inc/OU=Some Unit" -out $1.csr }

Then envoke it whenever you need to like so:

csr example.com

The following openssl.conf file does almost the same thing:

[req]
default_bits=2048
encrypt_key=no
default_md=sha256
distinguished_name=req_subj
[req_subj]
commonName="Fully Qualified Domain Name (FQDN)"
emailAddress="Administrative Email Address"
countryName="Country Name (2 letter code)"
countryName_default=US
stateOrProvinceName="State Name (full name)"
stateOrProvinceName_default=Ohio
localityName="Locality Name (e.g., city)"
localityName_default=Columbus
organizationName="Organization Name (e.g., company)"
organizationName_default=Widgets Inc
organizationalUnitName="Organizational Unit Name (e.g., section)"
organizationalUnitName_default=Some Unit

Then either set your OPENSSL_CONF environment variable to that file

export $OPENSSL_CONF=~/.dotfiles/openssl.conf

or specify it via switch on the CLI

openssl req -new -config openssl.conf -keyout example.key -out example.csr

I say almost because it still prompts you for those attributes, but they're now the default so you can just hammer the Return key to the end after specifying the domain and your email.

Tags:

Openssl