In addition, a folder called "confs" holds all the conf files used to make the certs, this makes backtracking easier. For now only one line gets modified but it leaves progression for future endeavours. The only time you need to press a key other than enter is when it asks if you want to sign the cert. Of course 95% of the script remains the same as before but this modification makes life one step easier and hence minimizes the length of the cert creation process.

Here is an example of a tweaked ssl.cnf file:

''

OME = .

RANDFILE = .rand

[ca]

default_ca = ca_default

[ca_default]

dir = .

certs = $dir/certs

crl_dir = $dir/crl

database = $dir/index.txt

new_certs_dir = $dir/newcerts

certificate = $dir/%s_ca_cert.pem

private_key = $dir/private/%s_ca_key.pem

serial = $dir/serial

crl = $dir/crl.pem

x509_extensions = usr_cert

name_opt = ca_default

cert_opt = ca_default

default_days = 3650

default_crl_days = 30

default_md = md5

preserve = no

policy = policy_match

[policy_match]