User Tools

Site Tools


If you have a private key that is not encrypted (for example, it was created with the “-nodes” command line option), you can encrypt the private key with a password. A typical openssl command and resulting interactive session is shown here:

  > openssl rsa -des3 -in hostkeyNOPASSWORD.pem -out hostkeySECURE.pem
  writing RSA key
  Enter PEM pass phrase:
  Verifying - Enter PEM pass phrase:

Here's an explanation of the command line options:

  • -des3 - encrypt the private key with the triple DES cipher before outputting it. The passphrase you enter must be at least four characters long.
  • -in hostkeyNOPASSWORD.pem - read in the unencrypted private key from the file hostkeyNOPASSWORD.pem.
  • -out hostkeySECURE.pem - write out the encrypted private key to the file hostkeySECURE.pem.
howtos/encrypt_a_private_key.txt · Last modified: 02/12/2018 20:34 by