In the openssl docs it states (at http://www.openssl.org/docs/apps/x509.html#INPUT_OUTPUT_AND_GENERAL_PURPOS) that the '-in' option
specifies the input filename to read a certificate from or standard input if this option is not specified.
I am trying to figure out how to sign a CSR (using a private CA) using stdin to send the CSR. The following line generates an error
openssl x509 -req -CA CA.pem -passin pass:abcdefg -set_serial 40 "-----BEGIN CERTIFICATE REQUEST-----###########-----END CERTIFICATE REQUEST-----"
(where ###### represents the CSR data)
The error is:
unknown option -----BEGIN CERTIFICATE REQUEST-----###########-----END CERTIFICATE REQUEST-----
It takes the input to be an option.
Doing
openssl x509 -req -CA CA.pem -passin pass:abcdefg -set_serial 40 -in request.pem
where request.pem contains the EXACT same data that is between the two "'s in the first line is SUCCESSFUL.
What am I doing wrong?
Best Answer
Erm, you're not providing the CSR on stdin, you're specifying it as a parameter. To provide it from stdin you either need to redirect it from a file, or pipe it from another command. For example:
Or, if the CSR is stored in csr.pem: