2011/12/17 Yang Chun-Kai <waitmefore...@hotmail.com>: > > >> Date: Fri, 16 Dec 2011 14:52:27 -0500 >> Subject: Re: Generate private key problems >> From: noloa...@gmail.com >> To: openssl-users@openssl.org > >> >> 2011/12/16 Yang Chun-Kai <waitmefore...@hotmail.com>: >> > 1. If I use "openssl genrsa -out my_private_key.key 2048" this command >> > then >> > I will get the encrypted private key or not encrypted key ? >> > >> > because I want to use python ssl module and heard python ssl lib not >> > support >> > encrypted private key for sockets. >> Pyhon's SSL module has some serious problems. You might want to pick a >> different library. See, for example, http://bugs.python.org/issue1589: >> "Unfortunately, hostname matching is one of those ideas that seemed >> better when it was thought up than it actually proved to be in >> practice." >> >> > 2. If I use encrypted key and .crs file to generate a certificate then >> > will >> > certificate be different from being generated with not encrypted key ? >> I don't believe so (other than encryption). >> >> > 3. " openssl genrsa -des3 -out my_private_key.key 2048" this command >> > will >> > generate a private as well, and more it will ask for password, >> > >> > and what is so differen with "-des3" parameter? >> http://www.openssl.org/docs/apps/req.html >>>> >>>>Ok, so not with -des/des3 I will get a not encrypted private key. > >> > >> > 4. How to generate the key and certificate in "PEM format"? Also heard >> > python ssl lib need private key and certificate in PEM f ormat. >> See -outform. >>>> >>>>I checked the manual "openssl genrsa" command not with "-outform PEM" >>>> option, then how can I do this ? >>>>Maybe transform it with "pkey command" ? Try:
$ openssl genrsa -out rsa-openssl.pem 2048 $ openssl pkcs8 -nocrypt -in rsa-openssl.pem -inform PEM -topk8 -outform DER -out rsa-openssl.der Jeff ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
