0

I am trying to automate the process of creating a CSR with OpenSSL using Java code. I was able to create a key with this code:

    pr = rt.exec("cmd /c cd "+directory1+" && " //change directory
            + "set OPENSSL_CONF=c:\\OpenSSL-Win32\\bin\\openssl.cfg && " //setup
            + "openssl genrsa -out "+directory2+input[i]+".key 2048"); //generate key

(First 2 lines set it up, 3rd creates the key.) But in order to create the CSR portion I need to enter input. After entering this...

    "openssl req -new -key "+directory2+input[i]+".key -out "+directory2+input[i]+".key.csr"

(fourth line of code), the CMD (if entered manually) will ask for additional information such as country, state, town, company, etc. I am not sure how to get it to work so that I can enter the input that it asks for with my Java program.

Here is the main portion in its entirety

    rt = Runtime.getRuntime();
    pr = rt.exec("cmd.exe");
    pr = rt.exec("cmd /c cd "+directory1+" && " //change directory
            + "set OPENSSL_CONF=c:\\OpenSSL-Win32\\bin\\openssl.cfg && " //setup
            + "openssl genrsa -out "+directory2+input[i]+".key 2048 &&" //generate key
            + "openssl req -new -key "+directory2+input[i]+".key -out "+directory2+input[i]+".key.csr &&"
            + countryName + " &&"
            + state + " &&"
            + locality + " &&"
            + organization + " &&"
            + unit + " &&"
            + common + " &&"
            + email + " &&"
            + pass + " &&"
            + company);

Below this I am posting the command prompt. It shows me entering the create CSR command manually and then answering its questions manually.

    C:\OpenSSL-Win32\bin>openssl req -new -key C:\Keys\rkm_test.key -out C:\keys\rkm_test.key.csr
    Loading 'screen' into random state - done
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [AU]:US
    State or Province Name (full name) [Some-State]:New York
    Locality Name (eg, city) []:Yonk
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:AAA
    Organizational Unit Name (eg, section) []:InfoSec
    Common Name (e.g. server FQDN or YOUR name) []:aaa
    Email Address []:gmail@gmail.com

    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:aaa_123
    An optional company name []:aaa

Tim Gorman
  • Try the `-subj` argument. Some examples [here](http://www.shellhacks.com/en/HowTo-Create-CSR-using-OpenSSL-Without-Prompt-Non-Interactive) and [here](https://www.madboa.com/geek/openssl/). And try the password like so: `-password pass:mypasswordhere` – user2524973 Aug 17 '15 at 20:07

2 Answers

1

How to generate an openSSL key using a passphrase from the command line? (For setting a passphrase)

`-subj "/C=US/ST=New York/O=Company/L=city/OU=InfoSec/CN=cod.stack.com/emailAddress=gmail@gmail.com"` (For setting everything up other than password)

Community
Tim Gorman
0

You can use challengePassword in the command as well.

    export domain=SOMEDOMAINNAME
    openssl req -nodes -newkey rsa:2048 -keyout $domain.key -out $domain.csr -subj "/C=GB/ST=London/L=London/O=XYZ/OU=XYZ UK/CN=$domain/emailAddress=some@some.com/challengePassword=strongpass"

Although, I am facing a problem with the attribute /optionalCompanyName=PROBLEM. For details please visit: Openssl optionalCompanyName (optional Company Name) in command

shaILU
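
An added example, not code from the question or from either answer: the `-subj` approach suggested in the comment and both answers, run from Java with `ProcessBuilder` and an argument list instead of a concatenated `cmd /c` string. The class and method names are hypothetical, `openssl` is assumed to be on `PATH`, and the paths and DN values are the ones shown in the question.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;

public class CsrGenerator {
    // Backslash-escape the characters openssl's -subj parser treats as syntax,
    // so a value such as "A/B Ltd" cannot start a new DN field.
    static String escapeValue(String v) {
        if (v.chars().anyMatch(Character::isISOControl))
            throw new IllegalArgumentException("control character in DN value");
        return v.replace("\\", "\\\\").replace("/", "\\/").replace("+", "\\+");
    }

    static String buildSubject(Map<String, String> dn) {
        StringBuilder sb = new StringBuilder();
        dn.forEach((type, v) -> sb.append('/').append(type).append('=').append(escapeValue(v)));
        return sb.toString();
    }

    // One argument per list element: no cmd.exe is involved, so "&&" in a
    // value reaches openssl as literal text instead of chaining a command.
    static List<String> csrCommand(Path keyDir, String name, Map<String, String> dn) {
        if (!name.matches("[A-Za-z0-9_-]+"))   // blocks path separators and ".."
            throw new IllegalArgumentException("unsafe file name: " + name);
        return List.of("openssl", "req", "-new", "-nodes", "-newkey", "rsa:2048",
                "-keyout", keyDir.resolve(name + ".key").toString(),
                "-out", keyDir.resolve(name + ".key.csr").toString(),
                "-subj", buildSubject(dn));
    }

    public static void main(String[] args) throws IOException, InterruptedException {
        Map<String, String> dn = new LinkedHashMap<>();   // sample values from the question
        dn.put("C", "US");
        dn.put("ST", "New York");
        dn.put("L", "Yonk");
        dn.put("O", "AAA");
        dn.put("OU", "InfoSec");
        dn.put("CN", "aaa");
        dn.put("emailAddress", "gmail@gmail.com");
        ProcessBuilder pb = new ProcessBuilder(csrCommand(Paths.get("C:\\Keys"), "rkm_test", dn));
        pb.environment().put("OPENSSL_CONF", "c:\\OpenSSL-Win32\\bin\\openssl.cfg");
        pb.inheritIO();                       // show openssl's own messages
        int exit = pb.start().waitFor();
        if (exit != 0) throw new IOException("openssl exited with " + exit);
    }
}
```

Because `-subj` supplies the whole Distinguished Name, `openssl req` does not prompt for it, so nothing has to be written to the process's standard input.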