Hi Aaron,

There is no need to generate another key set now - you can remove the des3
encryption from your existing RSA keys. Try this openssl rsa command:

openssl rsa -in key.pem -out keyout.pem

keyout.pem will be clean from any passphrases :)

Regards,

Dmitrij

  

> -----Original Message-----
> From: [EMAIL PROTECTED] 
> [mailto:[EMAIL PROTECTED] On Behalf Of Aaron Martinez
> Sent: Wednesday, November 01, 2006 11:01 PM
> To: openssl-users@openssl.org
> Subject: N00B needs csr/key help
> 
> I am trying to get my copy of pure-ftpd running with a signed 
> certificate and having a horrible time.
> 
> I had to send them a CSR, so I did the following:
> 
> openssl genrsa -des3 -out ftp.mydomain.com.key 1024
> 
> openssl req -new -key ftp.mydomain.com.key -out ftp.mydomain.com.csr
> 
> I got the key signed from godaddy (it was cheap, anyone have 
> any ideas on their service?) (also they use an intermediate 
> key, does everyone now? I don't even know if pureftpd can use 
> an intermediate key) and so I put the necessary files on my 
> ftp machine and fired it up.  There is a problem however, I 
> see this in the log:
> 
> Oct 31 17:19:33 ftp pure-ftpd: ([EMAIL PROTECTED]) [ERROR] SSL/TLS
> [/etc/pure/private/pure-ftpd.pem]: error:0906406D:PEM 
> routines:DEF_CALLBACK:problems getting password
> 
> I assume since I used des3 generating the key, that is why 
> it's looking for a password.  For ssl enabled web and ftp 
> servers is it commonplace to create the private key without 
> encryption?  Does anyone have an idea about this error?
> 
> I was also wondering, if I were to do the same as above only 
> include the --passout file:/some/directory/path/file  like such:
> 
> openssl genrsa  -passout file:/etc/pure/pasfile -des3 -out 
> ftp.mydomain.com.key 1024
> 
> that generates the key just fine without me having to type in 
> the password, but does the key then know to read from that 
> file as well when it's being used?  If so, would that also 
> mean that when pureftpd is looking for the password, the 
> password file is hardcoded somehow into the key and it would 
> be found?  I would just try these things, but of course I 
> have to go through the whole process of generating a new csr 
> and getting new keys every time I do that from godaddy.
> 
> Thanks in advance.
> 
> Aaron
> 
> ______________________________________________________________________
> OpenSSL Project                                 http://www.openssl.org
> User Support Mailing List                    openssl-users@openssl.org
> Automated List Manager                           [EMAIL PROTECTED]
> 
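
Added example, not part of either message in this thread: a shell sketch of the passphrase removal suggested in the reply, checking that the stripped key is the same key pair (so the already-signed certificate still matches) and is readable by its owner only. The file names, passphrase and 2048-bit size are constructed; the -passout file is read once at generation time and is not recorded in the key.

```shell
#!/bin/sh
# Added example: file names, passphrase and the 2048-bit size are constructed.
set -eu

# Succeeds if the PEM key is passphrase-protected. Covers both the traditional
# header ("Proc-Type: 4,ENCRYPTED") and PKCS#8 ("BEGIN ENCRYPTED PRIVATE KEY").
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# Prints the RSA modulus line, used to confirm two files hold the same key.
key_modulus() {    # usage: key_modulus KEY PASSFILE
    openssl rsa -in "$1" -passin "file:$2" -noout -modulus 2>/dev/null
}

# Writes an unencrypted copy of KEY to OUT, readable by the owner only.
strip_passphrase() {    # usage: strip_passphrase KEY PASSFILE OUT
    ( umask 077; openssl rsa -in "$1" -passin "file:$2" -out "$3" 2>/dev/null )
    chmod 600 "$3"
}

work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
( umask 077; printf '%s\n' 'constructed-passphrase' > "$work/passfile" )

# Same form as the quoted command: passphrase taken from a file at generation.
openssl genrsa -passout "file:$work/passfile" -des3 -out "$work/enc.key" 2048 2>/dev/null

strip_passphrase "$work/enc.key" "$work/passfile" "$work/clear.key"

key_is_encrypted "$work/enc.key"   && echo "enc.key:   encrypted"
key_is_encrypted "$work/clear.key" || echo "clear.key: no passphrase"
[ "$(key_modulus "$work/enc.key" "$work/passfile")" = \
  "$(key_modulus "$work/clear.key" "$work/passfile")" ] && echo "same key pair"
```

An unencrypted server key is protected only by file permissions, so it should stay mode 600 and owned by the account the daemon reads it as.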
