I've been writing Rexx on mainframes for years but have struggled with a few quirks writing Windows ooRexx. I've worked out most of these on my own but can't get past the sticking point detailed below.
I'm trying to write a script to invoke OpenSSL to create a Certificate Signing Request (CSR). The basis of the script is to gather details via an input box and use these details to create and submit an OpenSSL command. Most of this has been fine but where I'm stuck is that when the OpenSSL command runs it prompts for a PassPhrase. I've already generated a strong password using another OpenSSL command but can't find a way of passing this PassPhrase back at the prompt.
Any idea how to respond to the OpenSSL program prompt?
FWIW - I've already looked at passing the PassPhrase into the OpenSSL command but there seems to be no way of doing that.
Many thanks
Simos
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
I've been writing Rexx on mainframes for years but have struggled with a
few quirks writing Windows ooRexx. I've worked out most of these on my own
but can't get past the sticking point detailed below.
I'm trying to write a script to invoke OpenSSL to create a Certificate
Signing Request (CSR). The basis of the script is to gather details via an
input box and use these details to create and submit an OpenSSL command.
Most of this has been fine but where I'm stuck is that when the OpenSSL
command runs it prompts for a PassPhrase. I've already generated a strong
password using another OpenSSL command but can't find a way of passing this
PassPhrase back at the prompt.
Any idea how to respond to the OpenSSL program prompt?
FWIW - I've already looked at passing the PassPhrase into the OpenSSL
command but there seems to be no way of doing that.
In general the openssl command says this, which I assume you've already tried:
PASS PHRASE ARGUMENTS
Several commands accept password arguments, typically using -passin and -passout for input and output passwords respectively. These allow the password to be obtained from a variety of sources. Both of these options take a single argument whose format is described below. If no password argument is given and a password is required then the user is prompted to enter one: this will typically be read from the current terminal with echoing turned off.
pass:password
the actual password is password. Since the password is visible to utilities (like 'ps' under Unix) this form should only be used where security is not important.
env:var
obtain the password from the environment variable var. Since the environment of other processes is visible on certain platforms (e.g. ps under certain Unix OSes) this option should be used with caution.
file:pathname
the first line of pathname is the password. If the same pathname argument is supplied to -passin and -passout arguments then the first line will be used for the input password and the next line for the output password. pathname need not refer to a regular file: it could for example refer to a device or named pipe.
fd:number
read the password from the file descriptor number. This can be used to send the data via a pipe for example.
stdin
read the password from standard input.
On Jan 30, 2015, at 7:28 AM, Simos wrote:
Hi
I've been writing Rexx on mainframes for years but have struggled with a few quirks writing Windows ooRexx. I've worked out most of these on my own but can't get past the sticking point detailed below.
I'm trying to write a script to invoke OpenSSL to create a Certificate Signing Request (CSR). The basis of the script is to gather details via an input box and use these details to create and submit an OpenSSL command. Most of this has been fine but where I'm stuck is that when the OpenSSL command runs it prompts for a PassPhrase. I've already generated a strong password using another OpenSSL command but can't find a way of passing this PassPhrase back at the prompt.
Any idea how to respond to the OpenSSL program prompt?
FWIW - I've already looked at passing the PassPhrase into the OpenSSL command but there seems to be no way of doing that.
You're right regarding supplying the passphrase via the -passin and -passout parameters. The daft thing is that I managed to insert the passphrase separately on commands to generate the Private key and then the CSR separately but not to generate both at the same time the way I would normally do.
Time for another look (wearing my reading glasses this time :) )
Many thanks to all.
Last edit: Simos 2015-02-04
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
You're right regarding supplying the passphrase via the -passin and -passout parameters. The daft thing is that I managed to the passphrase separately on commands to generate the Private key and then the CSR separately but not to generate both at the same time the way I would normally do.
Time for another look (wearing my reading glasses this time :) )
Hi
I've been writing Rexx on mainframes for years but have struggled with a few quirks writing Windows ooRexx. I've worked out most of these on my own but can't get past the sticking point detailed below.
I'm trying to write a script to invoke OpenSSL to create a Certificate Signing Request (CSR). The basis of the script is to gather details via an input box and use these details to create and submit an OpenSSL command. Most of this has been fine but where I'm stuck is that when the OpenSSL command runs it prompts for a PassPhrase. I've already generated a strong password using another OpenSSL command but can't find a way of passing this PassPhrase back at the prompt.
Any idea how to respond to the OpenSSL program prompt?
FWIW - I've already looked at passing the PassPhrase into the OpenSSL command but there seems to be no way of doing that.
Many thanks
Simos
Simos, could the methods in the WindowsManager class described in the
Windows Extensions Reference document be of any help?
Staffan
On Fri, Jan 30, 2015 at 4:28 PM, Simos simosoritis@users.sf.net wrote:
Perhaps if you share some more details.
In general the openssl command says this, which I assume you've already tried:
PASS PHRASE ARGUMENTS
Several commands accept password arguments, typically using -passin and -passout for input and output passwords respectively. These allow the password to be obtained from a variety of sources. Both of these options take a single argument whose format is described below. If no password argument is given and a password is required then the user is prompted to enter one: this will typically be read from the current terminal with echoing turned off.
pass:password
the actual password is password. Since the password is visible to utilities (like 'ps' under Unix) this form should only be used where security is not important.
env:var
obtain the password from the environment variable var. Since the environment of other processes is visible on certain platforms (e.g. ps under certain Unix OSes) this option should be used with caution.
file:pathname
the first line of pathname is the password. If the same pathname argument is supplied to -passin and -passout arguments then the first line will be used for the input password and the next line for the output password. pathname need not refer to a regular file: it could for example refer to a device or named pipe.
fd:number
read the password from the file descriptor number. This can be used to send the data via a pipe for example.
stdin
read the password from standard input.
On Jan 30, 2015, at 7:28 AM, Simos wrote:
Thanks Bruce.
You're right regarding supplying the passphrase via the -passin and -passout parameters. The daft thing is that I managed to insert the passphrase separately on commands to generate the Private key and then the CSR separately but not to generate both at the same time the way I would normally do.
Time for another look (wearing my reading glasses this time :) )
Many thanks to all.
Last edit: Simos 2015-02-04
We could all use a second set of eyes from time to time.
Sent from an undisclosed location.