2

I've been trying to use the OpenSSL line from this older thread to create a CSR with subject alternative name: Provide subjectAltName to openssl directly on command line

If I run the line from that thread directly, with hard-coded values, it works, but, I want to use that line inside a shell script with parameters for the name of the key file (and the output CSR) and for the subject name string.

So, I have a shell script that looks like this:

openssl req -new -sha256 -key $1.key -subj $2 -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:www.google.com,DNS:www.example.com')) -out $1.csr

However, when I run that shell script like this:

createServerRequestWithSAN.sh google '/C=US/O=My Company/CN=example123.com'

I get an error:

./11A-createServerRequestWithSAN.sh: line 14: syntax error near unexpected token `('
./11A-createServerRequestWithSAN.sh: line 14: `openssl req -new -sha256 -key $1.key -subj $2 -reqexts SAN -config <(cat /etc/pki/tls/openssl.cnf <(printf '[SAN]\nsubjectAltName=DNS:www.google.com,DNS:www.example.com')) -out $1.csr'

Can anyone tell me what the problem is and how to fix it?

Community
  • 1
user555303
  • 121
  • 3
  • That syntax works for me, but you might try a **simpler alternative** (one substitition not two): `... -config <(cat /standard/config; printf '[SAN]\nsubjectAltName=values\n') ...` You do need to doublequote `"$2"` if it contains a space as yours does (or a glob unless it fails and is retained). – dave_thompson_085 Feb 13 '16 at 11:30
  • On further play I found a possible reason: is the bash executing that script in **POSIX mode**, aka `sh`-emulation? If so, `<(` gives exactly that error. – dave_thompson_085 Feb 13 '16 at 15:10

0 Answers0