/usr/bin/openssl won't let you create a certificate without a password (at
least not as far as I can tell). That means that you can't create a test
certificate to install on your Web server which will allow the Web server
to come up with SSL enabled without stopping at boot time to prompt for a
password. This is bad.
The default mode for the openssl "genrsa" command does not encrypt the key.
To prevent encryption when generating a key while generating a certificate using
the "req" command, use the "-nodes" flag:
openssl req -new -newkey rsa:1024 -nodes -keyout /tmp/server.key -x509 -out
/tmp/server.crt -days 365