RE: TLSCertificateKeyFile without password protection?

["Howard Chu" <hyc@highlandsun.com>]

This is a question about OpenSSL, not OpenLDAP. You should be posting
your question on an OpenSSL-Users mailing list.

The answer you need is to use the "-nodes" option to the openssl req
command. This is documented in the online help and the manual.

  -- Howard Chu
  Chief Architect, Symas Corp.       Director, Highland Sun
  http://www.symas.com               http://highlandsun.com/hyc  

> -----Original Message-----
> From: owner-openldap-software@OpenLDAP.org
> [mailto:owner-openldap-software@OpenLDAP.org]On Behalf Of Peter Daum
 
> Hi,

> I am just trying my first steps with openldap. For my
> application, TLS would be important. I am using openssl-0.9.6 on
> Linux.
> 
> The man page for slad.conf mentions with regard to the option
> TLSCertificateKeyFile, that the private key must not be protected
> with a password. Unfortunately, I can't figure out any way to get
> openssl to generate a key without password. When I run openssl to
> generate a certificate request, it always insists on a password
> with at least 4 characters.
> 
> Is there any way to avoid this? I could not find any workaround.
> Btw., the result still works, but unfortunately, I have to start
> slapd manually and enter the password for the private key. All
> attempts to come up with a script to automatically start slapd at
> system start (I even tried expect ;-) failed.
> 
> Regards,
>                 Peter Daum
>