On 21 Aug 2012, at 8:03 AM, Brian J. Murrell wrote:
> I have an openssl generated CA and I want to change the passphrase on
> the CA certificate/key. I can't seem to find any documentation on how
> to go about that.
IIRC, the newer way is to use the 'pkey' subcommand, and the older way is to
use the subcommand corresponding to whatever kind of private key you have
('rsa', 'dsa', maybe 'pkcs8'). I think you can just do something like
openssl pkey -in oldkey.pem -aes256 -out newkey.pem
and it'll prompt you for the old and new passphrases.
(Or instead of -aes256 you can use any cipher from 'openssl
list-cipher-algorithms'.)
The CA's private key is just like any other private key, so the operation isn't
different for a CA key from (say) an SSL server's key. (The certificate is not
encrypted, just the private key.)
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
