Create SSL certificate non-interactively

The thing you're missing is to include the certificate subject in the -subj flag. I prefer this to creating a config file because it's easier to integrate into a workflow and doesn't require cleaning up afterward.

One step key and csr generation:

openssl req -new -newkey rsa:4096 -nodes \
    -keyout www.example.com.key -out www.example.com.csr \
    -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com"

One step self signed passwordless certificate generation:

openssl req -new -newkey rsa:4096 -days 365 -nodes -x509 \
    -subj "/C=US/ST=Denial/L=Springfield/O=Dis/CN=www.example.com" \
    -keyout www.example.com.key  -out www.example.com.cert

Neither of these commands will prompt for any data.

See my answer to this nearly identical question on Super User.

The command you are looking for is:

openssl req -new -x509 -config openssl.cnf -nodes -days 7300 -key server.key -out /etc/ssl/private/pure-ftpd.pem

Changes from your version:

-new is required to generate anything
-key used in place of -signkey

Create SSL certificate non-interactively

Tags:

Scripting

Ssl

Related

Recent Posts