openssl rsa -in origca.key.pem -passout stdin -out newca.key.pem openssl rsa -in newca.key.pem -des3 -out ca.key.pem
Dr. Stephen Henson wrote:
On Mon, Apr 05, 2004, Charles B Cranston wrote:
David Gianndrea wrote:
What is the procedure for changing the pass phrase for a key? Does it matter if it is the CA's root key? Will it affect crt's that are already issued?
I tried to answer this with
openssl rsa -in root.key.pem -passout stdin -out drea.key.pem
but even though it waits for something to be typed on standard input before proceeding, the key itself seems to be put out in unencrypted form. I wonder if this is a bug.
openssl version says 0.9.7b 10 Apr 2003 on MacOSX 10.3
Technically yes, it shouldn't attempt to retrieve a pasword for that case. To reencrypt you need to specify the encryption algorithm, for example:
openssl rsa -in key.pem -des3 -out keyn.pem
as to the other OPs query no it wont affect existing certificates because the private key is unaltered.
Steve. -- Dr Stephen N. Henson. Email, S/MIME and PGP keys: see homepage OpenSSL project core developer and freelance consultant. Funding needed! Details on homepage. Homepage: http://www.drh-consultancy.demon.co.uk ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
-- David Gianndrea Senior Network Engineer Comsquared Systems, Inc.
Email: [EMAIL PROTECTED] Web: www.comsquared.com
______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
