Is it possible to generate RSA key without pass phrase?
Solution 1:
If you are generating a self signed cert, you can do both the key and cert in one command like so:
openssl req -nodes -new -x509 -keyout server.key -out server.cert
Oh, and what @MadHatter said in his answer about omitting the -des3
flag.
Solution 2:
Leave off the -des3
flag, which is an instruction to openssl to encrypt server.key.new (which, incidentally, isn't a new key at all - it's exactly the same as server.key, only with the passphrase changed/stripped off).
Solution 3:
The openssl req
command from the answer by @Tom H is correct to create a self-signed certificate in server.cert
incl. a password-less RSA private key in server.key
:
openssl req -nodes -new -x509 -keyout server.key -out server.cert
Here is how it works. Omitting -des3
as in the answer by @MadHatter is not enough in this case to create a private key without passphrase. It is enough for this purpose in the openssl rsa
("convert a private key") command referred to by @MadHatter and the openssl genrsa
("create a private key") command. Just not for for the openssl req
command here. We additionally need -nodes
("No DES encryption of server.key
please!").
Solution 4:
Use the -nodes
parameter, if this option is specified then the private key will not be encrypted, e.g.:
openssl \
req \
-nodes \
-newkey rsa:2048 \
-keyout www.example.com.key \
-out www.example.com.csr \
-subj "/C=DE/ST=NRW/L=Berlin/O=My Inc/OU=DevOps/CN=www.example.com/[email protected]"
Solution 5:
Just run it again through openssl
first generate the key with the passphrase
then openssl rsa -in server.key -out server.key