0

Using the instructions over here to define the SAN field inside the a openssl certificate, I am using the following commands to generate my own self-signed certificate:

openssl genrsa -out domain.org.key
openssl req -newkey rsa:2048 -nodes -keyout domain.org.key -subj "/C=CN/ST=GD/L=SZ/O=Acme, Inc./CN=*.domain.org" -out domain.org.csr
openssl x509 -req -extfile <(printf "subjectAltName=DNS:domain.org,DNS:www.domain.org") -days 365 -in domain.org.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out domain.org.crt

However, I am getting the following error:

Syntax error: "(" unexpected

I don't see anything specifically wrong with the bash syntax used, could anyone help?

Improve this question
0

1 Answer 1

Reset to default
3

That error-message doesn't look like Bash to me; rather, Bash error-messages look like this:

bash: syntax error near unexpected token `('

I recommend double-checking that you're running these commands in Bash, and not a different shell. (Process substitution isn't specified by POSIX, so not all shells support it.)

If it turns out that Bash is not available, you can use a temporary file:

printf "subjectAltName=DNS:domain.org,DNS:www.domain.org" > tmp-ext-file
openssl x509 -req -extfile tmp-ext-file -days 365 -in domain.org.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out domain.org.crt

or standard input:

printf "subjectAltName=DNS:domain.org,DNS:www.domain.org" \
| openssl x509 -req -extfile /dev/stdin -days 365 -in domain.org.csr -CA rootCA.crt -CAkey rootCA.key -CAcreateserial -out domain.org.crt
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Thanks so much for the pointer! It turned out that I was using a default zsh shell, and forgot to switch back to bash. Thanks so much!
@QPTR: My pleasure! But that's odd, because Zsh does support process substitution: zsh.sourceforge.net/Doc/Release/…. (I don't know enough about Zsh to know why that might not be working for you.)

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.