Private keys are required when you configure the digital certificate services in other Alibaba Cloud products. If the private key is password-protected, the cloud product can neither use the key nor decrypt it using the certificate, which can make the HTTPS service unavailable. To prevent this issue, provide a private key that is not password-protected.
That is, remove password-protection when generating and uploading a private key. Then, the CSR file can be generated by using this private key. For more information about private keys, see What is a public key and a private key.
How do I remove the password-protection from a private key?
openssl rsa -in encryedprivate.key -out unencryed.key
encryedprivate.keyindicates a password-protected private key.
unencryed.keyindicates a private key where the password is removed. Either .key or .pem can be used as the extension.
What private keys are password protected?
- PKCS #8 Private key encryption formatPKCS #8 private key encryption format
-----BEGIN ENCRYPTED PRIVATE KEY----- ...... BASE64 Private key contents -----END ENCRYPTED PRIVATE KEY-----
- OpenSSL ASN format
-----BEGIN RSA PRIVATE KEY----- Proc-Type: 4,ENCRYPTED DEK-Info:DES-EDE3-CBC,4D5D1AF13367D726 ...... BASE64 Private key contents -----END RSA PRIVATE KEY-----
|The Keytool generates password-protected keys only. But, a key can be converted into a non-password-protected file. For more information about the conversion method, see What formats are used for mainstream digital certificates.|