Is it possible to generate RSA key without pass phrase?

Solution 1:

If you are generating a self signed cert, you can do both the key and cert in one command like so:

openssl req  -nodes -new -x509  -keyout server.key -out server.cert

Oh, and what @MadHatter said in his answer about omitting the -des3 flag.

Solution 2:

Leave off the -des3 flag, which is an instruction to openssl to encrypt server.key.new (which, incidentally, isn't a new key at all - it's exactly the same as server.key, only with the passphrase changed/stripped off).


Solution 3:

The openssl req command from the answer by @Tom H is correct to create a self-signed certificate in server.cert incl. a password-less RSA private key in server.key:

openssl req -nodes -new -x509 -keyout server.key -out server.cert

Here is how it works. Omitting -des3 as in the answer by @MadHatter is not enough in this case to create a private key without passphrase. It is enough for this purpose in the openssl rsa ("convert a private key") command referred to by @MadHatter and the openssl genrsa ("create a private key") command. Just not for for the openssl req command here. We additionally need -nodes ("No DES encryption of server.key please!").


Solution 4:

Use the -nodes parameter, if this option is specified then the private key will not be encrypted, e.g.:

openssl \
    req \
    -nodes \
    -newkey rsa:2048 \
    -keyout www.example.com.key \
    -out www.example.com.csr \
    -subj "/C=DE/ST=NRW/L=Berlin/O=My Inc/OU=DevOps/CN=www.example.com/[email protected]"

Solution 5:

Just run it again through openssl

first generate the key with the passphrase

then openssl rsa -in server.key -out server.key