9

I'm following Heroku's documentation to generate a private key for an SSL certificate.

When I execute the command openssl genrsa -des3 -out server.pass.key 2048, I get the following result:

$ openssl genrsa -des3 -out server.pass.key 2048
Loading 'screen' into random state - done
Generating RSA private key, 2048 bit long modulus
..........................+++
..................................................+++

I can't get to the prompt where I'm supposed to enter the passphrase for the keys.

I don't understand why OpenSSL fails to complete. I've generated keys without triple DES, so I guess the error is in the encryption. How can I get this solved?

jww
  • 90,984
  • 81
  • 374
  • 818
akis
  • 106
  • 1
  • 8
  • You also seem to be missing the `e is 65537 (0x10001)` output. You should probably ask on a site more appropriate to running commands, like [Super User](http://superuser.com/) or [Unix & Linux Stack Exchange](http://unix.stackexchange.com/). Stack Overflow's niche is programming and development questions, and questions would ask about API calls like `RSA_generate_key_ex`. – jww Aug 16 '16 at 21:36
  • That documentation looks a bit odd — it has you generate an encrypted private key, only to have you strip the encryption in the very next step and never use the encrypted version again. As a work around I guess you could just create an unencrypted key directly and use that. – matt Aug 17 '16 at 01:44

1 Answers1

10

I saw this exact symptom in a Git for Windows shell. It might be that it gets stuck trying to ask for a password but can't. So as suggested here I added -passout pass:MyPassword and it worked.

CrazyPyro
  • 2,949
  • 1
  • 29
  • 35
  • Can you show the full command? I tried adding it at the end but then I get "Unable to load private key". `openssl genrsa -des3 -out server.key 2048 -passout pass:MyPassword `openssl req -new -key server.key -out server.csr `openssl x509 -req -days 3650 -in server.csr -signkey server.key -out server.crt `cp server.key server.key.copy `openssl rsa -in server.key.copy -out server.key `rm server.key.copy – David Klempfner Apr 06 '21 at 00:43