I have a lot of keys to generate for my clients VPN server. Whenever I use easy-rsa to generate the keys like this:
./build-key client1
There is some output with a series of questions. The questions all have default answers that are defined in the vars
file.
Generating a 1024 bit RSA private key
............................................++++++
.......................++++++
writing new private key to 'client1.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [US]:
State or Province Name (full name) [CO]:
Locality Name (eg, city) [Denver]:
Organization Name (eg, company) [mycompany]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) [client1]:
Email Address [it@mycompany.com]:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Using configuration from /etc/openvpn/easy-rsa/openssl.cnf
Check that the request matches the signature
Signature ok
The Subject's Distinguished Name is as follows
countryName :PRINTABLE:'US'
stateOrProvinceName :PRINTABLE:'CO'
localityName :PRINTABLE:'Denver'
organizationName :PRINTABLE:'mycompany'
commonName :PRINTABLE:'client1'
emailAddress :IA5STRING:'it@mycompany.com'
Certificate is to be certified until Jan 3 20:16:04 2038 GMT (9999 days)
Sign the certificate? [y/n]:y
1 out of 1 certificate requests certified, commit? [y/n]y
Write out database with 1 new entries
Data Base Updated
All in all, I have to manually press the following keys:
ENTER
ENTER
ENTER
ENTER
ENTER
ENTER
ENTER
ENTER
y
ENTER
y
ENTER
Basically I'm just accepting all default answers and saying 'yes' to the final two questions. Are there any -force
or -quiet
flags or something that I can use with build-key
? If not, are there are scripting or bash tricks I can use to just do this everytime? I can't find anything in any man pages about it.