Non-interactive creation of SSL certificate requests

you are missing two part:

the subject line, which can be called as

-subj "/C=US/ST=New Sweden/L=Stockholm /O=.../OU=.../CN=.../emailAddress=..."
  • replacing ... with value, X= being X509 code (Organisation/OrganisationUnit/etc ... )

the password value, which can be called as

-passout pass:client11
-passin  pass:client11
  • which give an output/input password

my calling for new key looks like

openssl genrsa -aes256 -out lib/client1.key -passout pass:client11 1024
openssl rsa -in lib/client1.key -passin pass:client11 -out lib/client1-nokey.key

openssl req -new -key lib/client1.key -subj req -new \
    -passin pass:client11 -out lib/client1.csr \
    -subj "/C=US/ST=New Sweden/L=Stockholm/O=.../OU=.../CN=.../emailAddress=..."

(now that I see it, there is two -new ... )


I append to my regular openssl command:

openssl req -x509 -nodes -days 7300 -newkey rsa:2048 -keyout /etc/ssl/private/key.pem -out /etc/ssl/private/cert.pem

This line:

-subj "/C=PE/ST=Lima/L=Lima/O=Acme Inc. /OU=IT Department/CN=acme.com"

Description:

  • Country Name (2 letter code) [AU]:PE
  • State or Province Name (full name) [Some-State]:Lima
  • Locality Name (eg, city) []:Lima
  • Organization Name (eg, company) [Internet Widgits Pty Ltd]:Acme Inc.
  • Organizational Unit Name (eg, section) []:IT Department
  • Common Name (e.g. server FQDN or YOUR name) []:acme.com

Use "/" like separator.


Check for -batch option as described in the official docs.