Hello,
I am developing a program, which uses openssl. It batches the generation of Certificates/Private Key-Pairs. Here an example of a (simple) console call: openssl.exe req -days 3650 -new -keyout example.key -out example.csr -config config.tmp First question: When using the option req, is it possible to change the cipher which is used to encrypt the private key? -> The signing digest is changeable (option "-sha1","-md5",.). (A commandline-argument or an entry for the config-file would be fine) My second question: Is it possible to encrypt a Certificate Request by a password, so that a Certificate can only be created from that Request with knowing the password? My third (last) question: If I omit the option -nodes, the private key file will be encrypted. The password is asked during the creation progress by openssl. It says "Enter PEM-Passphrase:" Is there a way to deliver the Passphrase via a command-line argument, instead of entering it during generation process? I don't want to save the passphrase on disc in an file (i.e. in the openssl config-file with the entries input_password = mysecret output_password = mysecret ), to higher the security level. Thank you for your patience and for your very qood work! Kind regards, Frank Wendel