Passing CSR distinguished-name fields as parameters to OpenSSL

StackOverflow https://stackoverflow.com/questions/16842768

  •  30-05-2022
  •  | 
  •  

Question

How can you generate a CSR without requiring user input, such as to generate CSRs from within an application?

Was it helpful?

Solution

Pass the subject via the "-subj" argument:

openssl req -new -key <private key file> -out <CSR output file> -subj "/C=<Country Name>/ST=<State>/L=<Locality Name>/O=<Organization Name>/CN=<Common Name>"

Note that if you want to have OpenSSL build the subject string for you, you can create the CSR as you normally would, and then execute the command to self-sign it. A perfectly formatted subject line will be echoed-out at the top ("subject="):

openssl x509 -req -days 365 -in server.csr -signkey server.pem

Loading 'screen' into random state - done
Signature ok
subject=/C=US/ST=Florida/L=Miami/O=Test Group/CN=testgroup.server5
Getting Private key
...
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top