How to automate PEM pass phrase when generating OpenSSL cert?

Question

I am needing to automate the generation of self signed SSL certificates for testing purposes for a project. I am generating a certificate and key using the following OpenSSL command:

> openssl req -x509 -newkey rsa:2048 -keyout myserver.key -out myserver.crt -subj "/C=US/ST=California/L=San Diego/O=Development/OU=Dev/CN=example.com"

During generation you are prompted to create a PEM pass phrase:

Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

How can I automate this? I have tried the -passin argument like this:

openssl ...... -passin pass:foobar .....

also

openssl ...... -passin file:secretfile.txt .....

But in both cases it still asks for to create a PEM pass phrase. From what I read I think that passin is only adding a password to the key file...

Is it possible to automate this somehow?

score 8 · Accepted Answer · answered Apr 15 '18 at 06:58

8

The process creates a password protected key file. It thus needs a password which gets used to store this output file. But the -passin argument you use is for reading an input file. From the documentation:

-passin arg - the input file password source

Instead you need the proper option to specify the output password, i.e.

-passout arg - the output file password source

answered Apr 15 '18 at 06:58

Steffen Ullrich

114,247
10
131
172

1

Ah I totally misunderstood that. Thank you! – Jake Wilson Apr 15 '18 at 07:01

How to automate PEM pass phrase when generating OpenSSL cert?

1 Answers1