A private key is required when you configure digital certificate services in other Alibaba Cloud products. If the private key is password-protected, the cloud product cannot use the key and cannot decrypt it by using the certificate, which can make the HTTPS service unavailable. To prevent this issue, provide a private key that is not password-protected.

That is, remove password protection when you generate and upload a private key. The CSR file can then be generated by using this private key. For more information about private keys, see What is a public key and a private key.

How do I remove the password-protection from a private key?

To remove password-protection from a private key, use the OpenSSL tool to run the following command:
openssl rsa -in encryedprivate.key -out unencryed.key
Where:
  • encryedprivate.key indicates a password-protected private key.
  • unencryed.key indicates a private key where the password is removed. Either .key or .pem can be used as the extension.

Which private keys are password-protected?

Use a text editor to open your private key file. The file is password-protected if a section of the file looks similar to either of the following examples:
  • PKCS #8 private key encryption format
    
    -----BEGIN ENCRYPTED PRIVATE KEY-----
    ...... BASE64 Private key contents
    -----END ENCRYPTED PRIVATE KEY-----
  • OpenSSL ASN format
    
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-EDE3-CBC,4D5D1AF13367D726
    ...... BASE64 Private key contents
    -----END RSA PRIVATE KEY-----
Note
Keytool generates only password-protected keys. However, such a key can be converted into a file that is not password-protected. For more information about the conversion method, see What formats are used for mainstream digital certificates.
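
One way to script the header check and the removal step described above. This is an added example, not Alibaba Cloud tooling; the function names key_protection and strip_passphrase are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Classify a PEM private key file using the two markers described above.
# Prints: pkcs8-encrypted | traditional-encrypted | unencrypted | not-a-key
key_protection() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo pkcs8-encrypted
    elif grep -q -e '^-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        # Traditional OpenSSL format: encryption is flagged by a header
        # line inside the PEM block, not by the BEGIN line itself.
        if grep -q -e '^Proc-Type: *4,ENCRYPTED' "$1"; then
            echo traditional-encrypted
        else
            echo unencrypted
        fi
    else
        echo not-a-key
    fi
}

# Remove the passphrase with the page's openssl command, but write the
# output with owner-only permissions and never overwrite an existing file.
# Returns 0 on success or nothing to do, 1 if output exists, 2 if no key.
strip_passphrase() {
    case $(key_protection "$1") in
        unencrypted) echo "$1: no passphrase to remove" >&2; return 0 ;;
        not-a-key)   echo "$1: no PEM private key found" >&2; return 2 ;;
    esac
    [ ! -e "$2" ] || { echo "$2: exists, not overwriting" >&2; return 1; }
    ( umask 077 && openssl rsa -in "$1" -out "$2" )
}

# Demo on a constructed file (header lines only, no real key material).
demo=$(mktemp)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0000000000000000' > "$demo"
echo "constructed sample: $(key_protection "$demo")"
rm -f "$demo"
```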