User profile for user: Bill Eccles
Bill Eccles Author
User level: Level 1
144 points

"openssl -nodes" always asks for a password

I'm using:


openssl pkcs12 -export -nodes -CAfile ca-cert.ca -in PEM.pem -out $YourPKCSFile"_no_password"


in a shell script to generate a P12 file that can be imported into the keychain for use in macOS Server. The script needs to be able to run unattended.


Problem is, every time I invoke the script from the shell (e.g., "$ ./InstallCerts.sh"), I get asked for a password for the export.


Enter Export Password:

Verifying - Enter Export Password:


Not what I want.


According to EVERYTHING on the interwebs, the -nodes flag should prevent openssl from asking for a password. Is the implementation in macOS broken? Or am I doing something wrong?


Thanks,

Bill

Posted on Jul 6, 2017 9:12 AM

Reply
1 reply
User profile for user: Bill Eccles
Bill Eccles Author
User level: Level 1
144 points

Jul 9, 2017 9:44 AM in response to Bill Eccles

It is worth noting that each component of a pkcs12 certificate file can be imported separately into the keychain with (as far as I can tell) identical results to packaging them up into a pkcs12 file and then importing them into the keychain, thus avoiding the problem of having Apache gripe that it can't use the certificate.


I still never made the "-nodes" option work.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

"openssl -nodes" always asks for a password

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up