
setting a CSR’s challenge password?


Felipe Gasper

Nov 2, 2012, 12:20:58 PM
Hi all,

What ways other than the interactive command shell are available
for setting a CSR’s challenge password attribute?

I can’t find a command-line switch that does it, and perl’s
Crypt::OpenSSL::PKCS10 doesn’t seem to know about it, either.

Thanks!

-Felipe Gasper
Houston, TX
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List openss...@openssl.org
Automated List Manager majo...@openssl.org

Jakob Bohm

Nov 2, 2012, 1:09:14 PM
On 11/2/2012 5:20 PM, Felipe Gasper wrote:
> Hi all,
>
> What ways other than the interactive command shell are available
> for setting a CSR’s challenge password attribute?
>
> I can’t find a command-line switch that does it, and perl’s
> Crypt::OpenSSL::PKCS10 doesn’t seem to know about it, either.
>
> Thanks!
>

It is set via the passed in config file. Specifically, the openssl req
command looks in the [req] section for a line named "attributes", then
the value of that line is the name of another section (without the []).

In that other section, there are lines describing what attributes to
put in the CSR, if there should be any prompting and what the value
should be if not prompting.

So to not prompt for a challenge password and not put a challenge
password in the CSR (the most common need for this), simply do
not mention the challenge password in that section:

[req]
...
attributes = req_attributes

[req_attributes]
# Nothing here

To set a specific challenge password in the CSR without prompting,
invoke openssl req -config secretfiles/thisreq.cnf where
secretfiles/thisreq.cnf is a modified openssl.cnf with these changes:

# Make sure to prevent others from reading this temp config file
# and wipe it securely after use
[req]
...
attributes = thisreq_attributes

[thisreq_attributes]
challengePassword_default = VerySecretWordTheyCannotGuessThisHaHa

Enjoy

Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2730 Herlev, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
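
Added example (not part of the original thread and not the OpenSSL project's own code): a shell version of the config-file approach above that also reads the attribute back, showing that the challenge password sits unencrypted in the CSR. It uses prompt = no, where the attribute is given directly as challengePassword rather than in the _default form from the message; the function names, CN and sample password are constructed.

```shell
#!/bin/sh
# Added example. Function names, the CN and the password used when
# calling these functions are constructed for illustration.

# make_csr_with_challenge <password> <output.csr>
# Assumes the password has no OpenSSL config metacharacters ($, #, \).
make_csr_with_challenge() {
    pw=$1; out_csr=$2
    old_umask=$(umask)
    umask 077                      # temp config and key: owner-only
    work=$(mktemp -d) || return 1
    cat > "$work/thisreq.cnf" <<EOF
[req]
prompt = no
distinguished_name = thisreq_dn
attributes = thisreq_attributes

[thisreq_dn]
CN = csr-demo.example

[thisreq_attributes]
challengePassword = $pw
EOF
    # Throwaway key for the demo; a real request keeps its private key.
    openssl req -new -newkey rsa:2048 -nodes \
        -config "$work/thisreq.cnf" \
        -keyout "$work/demo.key" -out "$out_csr" 2>/dev/null
    rc=$?
    rm -rf "$work"                 # the config held the password in cleartext
    umask "$old_umask"
    return $rc
}

# read_csr_challenge <csr>
# Prints the challengePassword value found in the CSR's ASN.1 structure.
# No key is needed: the attribute is stored as a plain string.
read_csr_challenge() {
    openssl asn1parse -in "$1" | awk '
        /:challengePassword$/ { found = 1; next }
        found && /STRING/ { sub(/^.*STRING *:/, ""); print; exit }'
}
```

Anyone who can read the CSR can recover the value the same way, so treat the CSR itself as sensitive whenever a challenge password is set.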