4.10.4 Procedure to encrypt unencrypted private server keys
This section describes the procedure to encrypt unencrypted private server keys.
(1) Procedure to encrypt unencrypted private server keys using RSA encryption
Execute the following command to create an encrypted private server key (PKCS#1 format).
- Format
"Navigation-Platform-installation-directory\PP\uCPSB\httpsd\sbin\openssl.bat" rsa private-key-encryption-type -in path-of-the-pre-encryption-private-server-key-file -out output-path-of-post-encryption-private-server-key-file
- Parameter
  - private-key-encryption-type: -des or -des3
    If -des is specified, DES (Data Encryption Standard) is used as the encryption type.
    If -des3 is specified, Triple DES is used as the encryption type.
    This parameter does not affect the type of encryption used for communication between the web server and web browsers.
  - path-of-the-pre-encryption-private-server-key-file:
    Specify the path of the pre-encryption private server key file.
  - output-path-of-post-encryption-private-server-key-file:
    Specify the path to output the post-encryption private server key file.
- Cautionary note:
  Users will be prompted to enter the pass phrase twice when the command is executed. Enter the same pass phrase twice, from 4 to 64 characters in length. Note that an error will not occur even if a pass phrase of 65 characters or longer is entered.
  Make a note of the pass phrase entered, because it will be used again when executing other commands.
- Command execution example
"%UCNP_HOME%\PP\uCPSB\httpsd\sbin\openssl.bat" rsa -des -in httpsdkey-unencrypted.pem -out C:\httpsdkey.pem
(2) Procedure to encrypt unencrypted private server keys using ECC (elliptic-curve cryptography)
Execute the following command to create an encrypted private server key (PKCS#8 format).
- Format
"Navigation-Platform-installation-directory\PP\uCPSB\httpsd\sbin\openssl.bat" pkcs8 -topk8 -in path-of-the-pre-encryption-private-server-key-file -out output-path-of-post-encryption-private-server-key-file -v2 private-key-encryption-algorithm
- Parameter
  - path-of-the-pre-encryption-private-server-key-file:
    Specify the path of the pre-encryption private server key file.
  - output-path-of-post-encryption-private-server-key-file:
    Specify the path to output the post-encryption private server key file.
  - private-key-encryption-algorithm: des-cbc or des-ede3-cbc
    Specify the algorithm used for private key encryption.
    This parameter does not affect the type of encryption used for communication between the web server and web browsers.
- Cautionary note:
  Users will be prompted to enter the pass phrase twice when the command is executed. Enter the same pass phrase twice, from 4 to 64 characters in length. Note that an error will not occur even if a pass phrase of 65 characters or longer is entered.
  Make a note of the pass phrase entered, because it will be used again when executing other commands.
- Command execution example
"%UCNP_HOME%\PP\uCPSB\httpsd\sbin\openssl.bat" pkcs8 -topk8 -in httpsdkey-ecc-unencrypted.pem -out httpsdkey-ecc.pem -v2 des-cbc
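
The following Python check is an added example, not part of the product documentation: it confirms that a key file written by the commands in (1) or (2) is actually pass-phrase protected and reports which cipher protects it. The function name and the sample PEM blocks are constructed for illustration, and the PKCS#8 cipher detection is a heuristic byte search rather than a full ASN.1 parse.

```python
import base64
import re

# DER-encoded OIDs of the two ciphers the page allows after -v2
PBES2_CIPHERS = {
    bytes.fromhex("06052b0e030207"): "des-cbc",
    bytes.fromhex("06082a864886f70d0307"): "des-ede3-cbc",
}
PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.S)


def inspect_key(pem_text):
    """Return (container, encrypted, cipher) for the first PEM block, else None."""
    m = PEM_RE.search(pem_text)
    if m is None:
        return None
    label, body = m.groups()
    if label == "ENCRYPTED PRIVATE KEY":  # PKCS#8 output of procedure (2)
        der = base64.b64decode("".join(body.split()))
        # Heuristic: the cipher OID sits in the PBES2 header, before the ciphertext
        cipher = next((n for oid, n in PBES2_CIPHERS.items() if oid in der[:128]), "other")
        return ("PKCS#8", True, cipher)
    if label == "PRIVATE KEY":  # PKCS#8 without a pass phrase
        return ("PKCS#8", False, None)
    if label in ("RSA PRIVATE KEY", "EC PRIVATE KEY"):
        container = "PKCS#1" if label.startswith("RSA") else "SEC1"
        # Traditional PEM marks encryption with Proc-Type / DEK-Info headers
        if re.search(r"^Proc-Type: 4,ENCRYPTED\r?$", body, re.M):
            dek = re.search(r"^DEK-Info: ([^,\r\n]+)", body, re.M)
            return (container, True, dek.group(1) if dek else "unknown")
        return (container, False, None)
    return None  # not a private key block


# Constructed samples: the bodies are placeholders, not real key material
PLAIN_RSA = "-----BEGIN RSA PRIVATE KEY-----\nQ09OU1RSVUNURUQ=\n-----END RSA PRIVATE KEY-----\n"
DES_RSA = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: DES-CBC,0123456789ABCDEF\n\nQ09OU1RSVUNURUQ=\n"
           "-----END RSA PRIVATE KEY-----\n")
_fake_der = b"\x30\x20" + bytes.fromhex("06052b0e030207") + b"\x00" * 8
DES_PKCS8 = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\n"
             + base64.b64encode(_fake_der).decode()
             + "\n-----END ENCRYPTED PRIVATE KEY-----\n")

if __name__ == "__main__":
    for name, pem in [("plain", PLAIN_RSA), ("rsa -des", DES_RSA), ("pkcs8", DES_PKCS8)]:
        print(name, inspect_key(pem))
```

Run it against the file named in -out before deploying the key, and against the -in file to confirm that the unencrypted copy is the one to be removed or locked down.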