From 69cd3603a89b481bbb68988da7ff7d57e61d7b9c Mon Sep 17 00:00:00 2001 From: Diego Sandrim Date: Sun, 17 Mar 2019 01:08:34 -0300 Subject: [PATCH 1/2] Improve certutil --pass documentation about empty password --- docs/reference/commands/certutil.asciidoc | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/docs/reference/commands/certutil.asciidoc b/docs/reference/commands/certutil.asciidoc index 06e9dc53bd9b6..6561ce32a409b 100644 --- a/docs/reference/commands/certutil.asciidoc +++ b/docs/reference/commands/certutil.asciidoc @@ -177,14 +177,17 @@ with the `ca` parameter. `--pass `:: Specifies the password for the generated private keys. + -Keys stored in PKCS#12 format are always password protected. +Keys stored in PKCS#12 format are always password protected, however, +this password may be _blank_. If you want to specify a blank password +without a prompt, use `--pass ""` (with no `=`) on the command line. + Keys stored in PEM format are password protected only if the `--pass` parameter is specified. If you do not supply an argument for the `--pass` parameter, you are prompted for a password. -+ -If you want to specify a _blank_ password (without prompting), use -`--pass ""` (with no `=`). +Encrypted PEM files do not support blank passwords (if you do not +wish to password-protected your PEM keys, then do not specify +`--pass`). + `--pem`:: Generates certificates and keys in PEM format instead of PKCS#12. This parameter cannot be used with the `csr` parameter. From 14678cf78864e9419b2d23a37bf8c41a98826d7d Mon Sep 17 00:00:00 2001 From: Yogesh Gaikwad <902768+bizybot@users.noreply.github.com> Date: Wed, 20 Mar 2019 18:52:13 -0300 Subject: [PATCH 2/2] Fix verb conjugation Co-Authored-By: diegocsandrim --- docs/reference/commands/certutil.asciidoc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/reference/commands/certutil.asciidoc b/docs/reference/commands/certutil.asciidoc index 6561ce32a409b..6f4d3224d7aeb 100644 --- a/docs/reference/commands/certutil.asciidoc +++ b/docs/reference/commands/certutil.asciidoc @@ -185,7 +185,7 @@ Keys stored in PEM format are password protected only if the `--pass` parameter is specified. If you do not supply an argument for the `--pass` parameter, you are prompted for a password. Encrypted PEM files do not support blank passwords (if you do not -wish to password-protected your PEM keys, then do not specify +wish to password-protect your PEM keys, then do not specify `--pass`).