SSL Certificates
openssl.cnf
Nobody likes typing when they don't have to, and almost everything we've typed so far (the country, location, common name and so on) can be put into a configuration file.
Not that that should make your life any easier, as the OpenSSL configuration file is a touch baroque and not obviously documented.
If we take a sample openssl.cnf file (from creating a CA):
```
[ req ]
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = v3_ca

[ req_distinguished_name ]
C = GB
ST = Buckinghamshire
L = Newport Pagnell
O = Example Limited
CN = Example Limited CA
emailAddress = webmaster@example.com

[ v3_ca ]
subjectKeyIdentifier=hash
authorityKeyIdentifier=keyid:always,issuer:always
#basicConstraints = critical,CA:true
basicConstraints = CA:true
```
The req sub-command in OpenSSL will look for the req section in the configuration file or fall back to the default section (the first, un-named, section). The other two parts of the req section, distinguished_name and x509_extensions, are just pointers to the other two sections in the file.
Notable parts are:
- prompt = no, which prevents OpenSSL prompting you and makes it use the values for Country (C), State (ST) etc. from the configuration file.
- C, ST, etc., which are the values for Country, State etc.
- basicConstraints = CA:true, which indicates that this request should be for a CA.
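To see the configuration above consumed without prompts, the following added example (not part of the original page) writes it to a temporary directory, creates a self-signed CA from it and checks the result. The file names, the 2048-bit RSA key and the 30-day lifetime are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original page). Temp paths, file names, the
# 2048-bit key and 30-day lifetime are assumptions made for the demo.

# Write the page's sample config into $1 and create a self-signed CA from it.
make_ca() {
    cat > "$1/openssl.cnf" <<'EOF'
[ req ]
prompt = no
distinguished_name = req_distinguished_name
x509_extensions = v3_ca

[ req_distinguished_name ]
C = GB
ST = Buckinghamshire
L = Newport Pagnell
O = Example Limited
CN = Example Limited CA
emailAddress = webmaster@example.com

[ v3_ca ]
subjectKeyIdentifier = hash
authorityKeyIdentifier = keyid:always,issuer:always
basicConstraints = CA:true
EOF
    # prompt = no: nothing is asked; -x509 applies the x509_extensions section.
    # -nodes leaves the throwaway demo key unencrypted.
    openssl req -new -x509 -nodes -newkey rsa:2048 -days 30 \
        -config "$1/openssl.cnf" -keyout "$1/ca.key" -out "$1/ca.pem" 2>/dev/null
}

# Subject DN of certificate $1, as filled in from [ req_distinguished_name ].
ca_subject() { openssl x509 -in "$1" -noout -subject -nameopt RFC2253; }

# Succeeds if certificate $1 carries basicConstraints CA:TRUE.
is_ca() {
    openssl x509 -in "$1" -noout -text | grep -A1 'X509v3 Basic Constraints' | grep -q 'CA:TRUE'
}

# Succeeds if basicConstraints is marked critical (it is not with this config,
# because the sample leaves the "critical" variant commented out).
bc_critical() {
    openssl x509 -in "$1" -noout -text | grep -q 'X509v3 Basic Constraints: critical'
}

# Demo run in a throwaway directory.
d=$(mktemp -d) && make_ca "$d" && ca_subject "$d/ca.pem" \
    && is_ca "$d/ca.pem" && echo "basicConstraints: CA:TRUE"
rm -rf "$d"
```

Swapping the active basicConstraints line for the commented-out critical,CA:true variant makes bc_critical succeed as well.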