Bug 1717880 - [RFE] Add support for password-protecting the keyfile
Summary: [RFE] Add support for password-protecting the keyfile
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: sscg
Version: 8.0
Hardware: All
OS: Unspecified
Target Milestone: rc
: 8.0
Assignee: Stephen Gallagher
QA Contact: Branislav Náter
Lenka Špačková
Depends On:
Blocks: 1672285
TreeView+ depends on / blocked
Reported: 2019-06-06 11:50 UTC by Stephen Gallagher
Modified: 2020-12-16 09:35 UTC (History)
2 users (show)

Fixed In Version: sscg-2.3.3-7.el8
Doc Type: Enhancement
Doc Text:
.`sscg` now supports generating private key files protected by a password The `sscg` utility is now able to generate private key files protected by a password. This adds another level of protection for private keys, and it is required by some services, such as FreeRADIUS.
Clone Of:
Last Closed: 2020-04-28 15:39:11 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Github sgallagher sscg issues 14 0 'None' closed Add support for password-protecting the keyfile 2021-01-14 04:43:45 UTC
Red Hat Product Errata RHEA-2020:1612 0 None None None 2020-04-28 15:39:17 UTC

Description Stephen Gallagher 2019-06-06 11:50:44 UTC
Description of problem:
sscg generates certificates to use in place of self-signed certificates for testing environments and automatic defaults (such as mod_ssl, tog_pegasus and cockpit). Currently, it only supports creating passwordless keyfiles, since most of the current users don't need it to be protected. However, FreeRADIUS will need a password (BZ #1672285) so we should add this functionality so we can migrate FreeRADIUS to using sscg like the other services in RHEL 8.

Version-Release number of selected component (if applicable):

How reproducible:
Every time

Steps to Reproduce:
1. Run `sscg` with any set of available arguments

Actual results:
Certificates and their keys are created, but the keyfiles cannot be created with a password.

Expected results:
There should be an option to provide the password either at the command-line or via standard input.

Additional info:

Comment 1 Stephen Gallagher 2019-06-06 14:25:34 UTC
Pull-request under review upstream:


Comment 15 errata-xmlrpc 2020-04-28 15:39:11 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.