How to automate PEM pass phrase when generating OpenSSL cert?
Asked Answered
C

1

11

I am needing to automate the generation of self signed SSL certificates for testing purposes for a project. I am generating a certificate and key using the following OpenSSL command:

> openssl req -x509 -newkey rsa:2048 -keyout myserver.key -out myserver.crt -subj "/C=US/ST=California/L=San Diego/O=Development/OU=Dev/CN=example.com"

During generation you are prompted to create a PEM pass phrase:

Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

How can I automate this? I have tried the -passin argument like this:

openssl ...... -passin pass:foobar .....

also

openssl ...... -passin file:secretfile.txt .....

But in both cases it still asks for to create a PEM pass phrase. From what I read I think that passin is only adding a password to the key file...

Is it possible to automate this somehow?

Candicecandid answered 15/4, 2018 at 6:16 Comment(0)
D
9

The process creates a password protected key file. It thus needs a password which gets used to store this output file. But the -passin argument you use is for reading an input file. From the documentation:

-passin arg - the input file password source

Instead you need the proper option to specify the output password, i.e.

-passout arg - the output file password source

Dee answered 15/4, 2018 at 6:58 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.