Confusion with Pem Pass Phrase and Challenge Password

openssl

When creating a CSR with openSSL it asks me:

Enter PEM pass phrase:

After that it asks:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:

I read that pem pass phrase is for encrypting the key file. And any service(like apache) using the key file will ask for pem pass phrase when rebooting the service. Then what is challenge password?


Solution 1:

This adds the challengePassword attribute to the certificate request, described in PKCS#9 section 5.4.1:

5.4.1 Challenge password

The challengePassword attribute type specifies a password by which an entity may request certificate revocation. The interpretation of challenge passwords is intended to be specified by certificate issuers etc; no particular interpretation is required.

This attribute is part of the request and will not be present in the final certificate. In most cases, you can just leave this attribute empty – most CAs ignore it.

Related

Where does Firefox keep cookies?
Disown process from cygwin bash
What happens during a Windows 7 Install?
How to set line length limit when using grep (Filter result by line length)?
Assign keyboard shortcut to bring window into focus
Google Chrome Extensions are not Syncing
Set process priority to High: Dangerous?
How to get excel row numbers to skip the header
Show Windows 8 Start Menu on the primary monitor
Multiple Skype Accounts in Windows 8
How to see root user processes in Activity Monitor?
how do I merge the tabs of two open Preview windows if I have more than two open?