Closed online-stuff closed 7 years ago
What's your openssl version?:
openssl version
This will create a dom.key with 2048 bit key size if the dom.key doesn't exist:
./gencsr -ks 2048
And this will create a new key regardless of whether the dom.key exists or not:
./gencsr -ks 2048 -n
without needing to enter the entire command
All parameters are optional, you give what you want.
What's your openssl version?
Ouch (to deleted reply), and yes it is installed..
[root@mimic gencsr-release]# openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013
Cool, thanks for the 2048 parameter, and the other options that makes available ;)
Too old, mine is OpenSSL 1.0.2g 1 Mar 2016
You can try copying the openssl.cnf file to /etc/ssl/ directory:
git clone https://github.com/neurobin/gencsr #download the repo again
cd gencsr #change to gencsr directory
sudo cp openssl.cnf /etc/ssl/openssl.cnf #copy the .cnf file to /etc/ssl/
I uploaded my openssl.cnf file in the repository. If it doesn't work, you will have to update your openssl. Actually you should update it; security tools should always be up to date.
I forgot my server had very little RAM.. Before I ran the package updater, I forgot to change a couple limits.. It broke the server.. Middle of a kernel update when it crashed.. haha
Finally recovered..
OpenSSL 1.0.1e-fips 11 Feb 2013
Full version is 1.0.1e-57.el6.. So the Heartbleed issue was patched..
Regardless.. Copying the openssl.cnf file to /etc/ssl/openssl.cnf fixed the issue.
Not good with text boxes, so hopefully this is readable..
Trying to use your script. Very clean, very simple, I like it..
However it is not working, getting
139739889416008:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:335:group=req name=distinguished_name`gencsr.conf
dom.key file is being created each time, .csr file is not.. I am deleting the dom.key file between runs.
Suggestion: Would be nice to specify a key size without needing to enter the entire command. File or option?
./gencsr 2048
or something similar
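
The error reported in this thread says `openssl req` found no `distinguished_name` value in the `[req]` group of the configuration it loaded. As an added example (not code from the gencsr repository; the file names and `example.test` are constructed), the script below checks a config file for that key and generates the CSR from a minimal per-run config passed with `-config`, which avoids overwriting the system-wide /etc/ssl/openssl.cnf.

```shell
#!/bin/sh
# Added example: configs, file names and example.test are constructed samples.
set -eu

# Succeeds if CONF has a distinguished_name key inside its [req] section.
# Static check only: ignores .include files and the default-section fallback.
req_has_dn() {
    awk '
        /^[ \t]*#/  { next }                          # comment line
        /^[ \t]*\[/ { sec = $0                        # section header
                      sub(/^[ \t]*\[[ \t]*/, "", sec)
                      sub(/[ \t]*\].*$/, "", sec)
                      next }
        sec == "req" && /^[ \t]*distinguished_name[ \t]*=/ { found = 1 }
        END { exit !found }
    ' "$1"
}

# Write a minimal, non-interactive request config.
write_min_conf() {   # write_min_conf FILE COMMON_NAME
    cat > "$1" <<EOF
[ req ]
prompt             = no
distinguished_name = dn

[ dn ]
CN = $2
EOF
}

# Create a new key and CSR using only the given config file.
gen_csr() {          # gen_csr CONF KEY CSR BITS
    ( umask 077      # private key readable by its owner only
      openssl req -new -newkey "rsa:$4" -nodes -config "$1" \
                  -keyout "$2" -out "$3" )
}
demo() {
    d=$(mktemp -d)
    printf '[ req ]\ndefault_bits = 2048\n' > "$d/broken.cnf"  # no distinguished_name
    write_min_conf "$d/req.cnf" example.test
    req_has_dn "$d/broken.cnf" || echo "broken.cnf: [req] lacks distinguished_name"
    req_has_dn "$d/req.cnf"    && echo "req.cnf: ok"
    if command -v openssl >/dev/null 2>&1; then
        gen_csr "$d/req.cnf" "$d/dom.key" "$d/dom.csr" 2048
        openssl req -in "$d/dom.csr" -noout -subject
    fi
    rm -rf "$d"
}
demo
```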