openssl req -new with some default subj values
You can do it on the command line with read and using the result variable in your openssl command:
read -rp "FQDN? " cn; openssl req -new -newkey rsa:2048 -sha256 -nodes -keyout "$cn.key" -subj "/CN=$cn/emailAddress=admin@$cn/C=US/ST=Ohio/L=Columbus/O=Widgets Inc/OU=Some Unit" -out "$cn.csr"
If this is something you do often, make it a function and add it to your .bashrc file, which allows you to replace the prompt with an argument:
function csr { openssl req -new -newkey rsa:2048 -sha256 -nodes -keyout "$1.key" -subj "/CN=$1/emailAddress=admin@$1/C=US/ST=Ohio/L=Columbus/O=Widgets Inc/OU=Some Unit" -out "$1.csr"; }
Then invoke it whenever you need to like so:
csr example.com
The following openssl.conf file does almost the same thing:
[req]
default_bits=2048
encrypt_key=no
default_md=sha256
distinguished_name=req_subj
[req_subj]
commonName="Fully Qualified Domain Name (FQDN)"
emailAddress="Administrative Email Address"
countryName="Country Name (2 letter code)"
countryName_default=US
stateOrProvinceName="State Name (full name)"
stateOrProvinceName_default=Ohio
localityName="Locality Name (e.g., city)"
localityName_default=Columbus
organizationName="Organization Name (e.g., company)"
organizationName_default=Widgets Inc
organizationalUnitName="Organizational Unit Name (e.g., section)"
organizationalUnitName_default=Some Unit
Then either set your OPENSSL_CONF environment variable to that file
export OPENSSL_CONF=~/.dotfiles/openssl.conf
or specify it via switch on the CLI
openssl req -new -config openssl.conf -keyout example.key -out example.csr
I say almost because it still prompts you for those attributes, but they're now the default so you can just hammer the Return key to the end after specifying the domain and your email.
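The -subj string uses "/" to separate attributes and "+" to join multi-valued ones, so a hostname interpolated into it unchecked can add or alter subject fields, and -nodes writes the private key unencrypted. The following is an added example, not part of the original answer: a variant of the csr function that validates the name first, creates the key owner-only, and prints the subject that was actually encoded. The names valid_fqdn, build_subj and safe_csr are hypothetical; the subject defaults are the ones used above.

```bash
#!/bin/sh
# Added example (not from the original answer); function names are hypothetical.

# Accept only dot-separated LDH labels ending in an alphabetic TLD.
# Anything containing '/', '+', '=', whitespace or a newline is rejected
# before it can reach -subj.
valid_fqdn() {
  case $1 in
    ''|*[!A-Za-z0-9.-]*) return 1 ;;
  esac
  [ "${#1}" -le 253 ] || return 1
  printf '%s\n' "$1" |
    grep -Eq '^([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$'
}

# Build the -subj value from a validated name; fails on invalid input.
build_subj() {
  valid_fqdn "$1" || return 1
  printf '/CN=%s/emailAddress=admin@%s/C=US/ST=Ohio/L=Columbus/O=Widgets Inc/OU=Some Unit' "$1" "$1"
}

# Body runs in a subshell, so umask and variables do not leak to the caller.
safe_csr() (
  fqdn=$1
  subj=$(build_subj "$fqdn") || { echo "invalid FQDN: $fqdn" >&2; exit 1; }
  # Never silently replace an existing private key.
  [ -e "$fqdn.key" ] && { echo "$fqdn.key already exists" >&2; exit 1; }
  umask 077   # key is unencrypted (-nodes): create it readable by owner only
  openssl req -new -newkey rsa:2048 -sha256 -nodes \
    -keyout "$fqdn.key" -subj "$subj" -out "$fqdn.csr" || exit 1
  # Check the request's self-signature and show the encoded subject.
  openssl req -in "$fqdn.csr" -noout -verify -subject
)
```

Call it as safe_csr example.com; wildcard names are rejected by this pattern on purpose.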