I’ve managed to use the webroot method to generate the certificate chain with no issues. However, I have now hit a snag. I used Apache to allow the ACME verification to take place but the actual software in use on this server is a Windows application running under Mondo. It therefore needs a PVK, rather than PEM, format private key.
I thought that it would be simply a matter of converting the PEM to PVK, but the OpenSSL tool is telling me that I need to provide a pass-phrase. Does the key generated by LetsEncrypt really contain a pass-phrase?
Thanks sahsanu, much appreciated, and my apologies for the delay in replying.
It's interesting that it appears that OpenSSL has supported PVK since version 0.9.9 but there is still no mention of it in the man pages for the rsa command.
Is there no way of converting from PEM to PVK without giving the PVK a pass-phrase? Unfortunately, the software I need the key for has no instructions for use of a pass-phrase - it may be supported, but I would have to work out how.
I’d guessed that not using pvk-strong may avoid the pass-phrase, but apparently not.
As far as I know it is not possible to specify an empty password using openssl. Using pvktool for Windows allows an empty password, maybe you could try it.
C:\test\pvktool>pvk.exe -in privkey.pem -out privkey.pvk -topvk -strong
Enter Password: <--- Here just press enter
Verifying - Enter Password: <--- Again, just press enter
I’ve never used pvk format so don’t know whether this will work with your application.
Thank you Osiris, I will have a good look at the source to see what else (if anything!) is different between -pvk-strong and -pvk-none apart from the use of the pass-phrase.
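An added example, not part of the original thread: a small checker that reads the PVK header of a converted file and reports whether the key is pass-phrase protected, which is the difference between the -pvk-strong and -pvk-none options discussed above. It assumes the standard 24-byte PVK header (magic, reserved, key type, encrypted flag, salt length, key length, all little-endian); the function names and the sample bytes are constructed for illustration and contain no real key material.

```python
import struct

PVK_MAGIC = 0xB0B5F11E             # first little-endian dword of every PVK file
HEADER = struct.Struct("<6I")      # magic, reserved, keytype, encrypted, saltlen, keylen
KEYTYPES = {1: "AT_KEYEXCHANGE", 2: "AT_SIGNATURE"}
CLEAR_MAGICS = (b"RSA2", b"DSS2")  # readable at blob offset 8 only when not encrypted


def inspect_pvk(data: bytes) -> dict:
    """Parse the PVK header and report whether a pass-phrase protects the key."""
    if len(data) < HEADER.size:
        raise ValueError("too short to be a PVK file")
    magic, _reserved, keytype, encrypted, salt_len, key_len = HEADER.unpack_from(data)
    if magic != PVK_MAGIC:
        raise ValueError("bad magic: not a PVK file (is this still PEM?)")
    if encrypted and salt_len == 0:
        raise ValueError("inconsistent header: encrypted flag set but no salt")
    body = data[HEADER.size:]
    if len(body) < salt_len + key_len:
        raise ValueError("truncated file")
    blob = body[salt_len:salt_len + key_len]
    # The 8-byte blob header is always in the clear; the key magic after it
    # is only readable when the payload was written without a pass-phrase.
    if not encrypted and blob[8:12] not in CLEAR_MAGICS:
        raise ValueError("header says unencrypted but key blob is not readable")
    return {
        "keytype": KEYTYPES.get(keytype, f"unknown({keytype})"),
        "passphrase_protected": bool(encrypted),
        "salt_len": salt_len,
        "key_len": key_len,
    }


def sample_pvk(encrypted: bool) -> bytes:
    """Constructed sample (filler bytes, not a real key) with a valid header."""
    salt = b"\x11" * 16 if encrypted else b""
    blob_header = bytes([0x07, 0x02, 0, 0]) + struct.pack("<I", 0xA400)
    payload = b"\xee" * 32 if encrypted else b"RSA2" + b"\x00" * 28
    blob = blob_header + payload
    return HEADER.pack(PVK_MAGIC, 0, 1, int(encrypted), len(salt), len(blob)) + salt + blob


if __name__ == "__main__":
    for name, enc in (("no pass-phrase", False), ("pass-phrase", True)):
        print(name, inspect_pvk(sample_pvk(enc)))
```

To check a real conversion, pass the contents of the output file, for example `inspect_pvk(open("privkey.pvk", "rb").read())`. A file that reports `passphrase_protected: False` holds the private key in the clear, so it needs file-system permissions at least as strict as the original PEM.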