I would not like (or cannot) modify the default .cnf openssl config file.
How do tell the openssl command line tool to use a different .cnf file at another location - not the default?
- Stack Overflow is a site for programming and development questions. This question appears to be off-topic because it is not about programming or development. See What topics can I ask about here in the Help Center. Perhaps Super User or Unix & Linux Stack Exchange would be a better place to ask. Also see Where do I post questions about Dev Ops?.jww– jww2016-06-21 06:47:38 +00:00Commented Jun 21, 2016 at 6:47
Add a comment |
1 Answer
You can override openssl configuration using one of the actions:
- Set
OPENSSL_CONFenvironment variable to point to your custom configuration file - Use
-configoption with the commands handling certificate (e.g.req,ca...) - Most of the definition in the
openssl.cnfcan be overridden using command line option.
You can also look at man x509v3_config.
2 Comments
user2956477
could you please post some samples of syntax putting parameters from config file to command line? openssl.cnf use cryptic syntax with dollar signs (never seen in windows world) and I cant found eny example of how to transcript to command line. For example what parameters are mandatory for what actions (req, ca, etc..)
Hari
@user2956477: You can use the subj parameter as follows:
openssl req -new -sha256 -key keyFile.pem -out csrRequest.csrr -subj "/C=US/ST=OH/L=Cincinnati/O=Your Company, Inc./OU=IT/CN=yourdomain.com"