I am using following code to generate keys:
apt-get -qq -y install openssl;
mkdir -p /etc/apache2/ssl;
openssl genrsa -des3 -out server.key 1024;
openssl req -new -key server.key -out server.csr;
cp server.key server.key.org;
openssl rsa -in server.key.org -out server.key;
openssl x509 -req -days 12000 -in server.csr -signkey server.key -out server.crt;
mv server.crt /etc/apache2/ssl/cert.pem;
mv server.key /etc/apache2/ssl/cert.key;
rm -f server.key.orig;
rm -f server.csr
I have two questions:
How can I skip the passphrase prompting? Would it be reasonably safe for me to do so? (as in it should not be downright foolish like anyone should be able to hack the certificate)
How do I avoid the prompting for the country name, organization etc. I hope I can give them on command prompt (the man page shows only top level options for OpenSSL)