Private Key Requirements
Because FlowForce Server runs unattended, enabling SSL requires that the certificate's private key be unencrypted. In other words, it must not be protected with a password; otherwise, it cannot be used by FlowForce Server. For this reason, the file that stores the private key must have restricted access and be accessible only to entitled personnel in your organization.
To identify whether the private key is password-protected or unencrypted, open the private key file using a text editor or the command line. An encrypted private key begins with the following lines:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,DFC3FAD546517ED6336CFF72AA23F6C7
One of the ways to decrypt the private key is by using the OpenSSL toolkit (https://www.openssl.org/). Specifically, you can run the following command to decrypt a private key:
openssl rsa -in enc.key -out dec.key
Here, enc.key is the encrypted key and dec.key is the unencrypted key that the command writes. For example, assuming that ffenc.key is your encrypted key, you can obtain the unencrypted key by running the following command in the directory where the private key is stored:
openssl rsa -in ffenc.key -out ffdec.key
After running the command, the ffdec.key file no longer states ENCRYPTED, for example:
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEAzCCedru/oKzaSiwh6avtf9eMPix99RKpd07fWtwstkuglAdi
-- -- --
-----END RSA PRIVATE KEY-----
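The two requirements above (key unencrypted, file access restricted) can be checked with a short script. The following is an added example, not part of the FlowForce Server documentation: the function names and the sample files are constructed for illustration, and the check goes beyond the header shown on this page by also recognizing the PKCS#8 form (-----BEGIN ENCRYPTED PRIVATE KEY-----) and EC keys.

```shell
#!/bin/sh
# Print "encrypted", "unencrypted" or "unknown" for the key file in $1.
key_status() {
    # Traditional format: a Proc-Type header announces encryption.
    if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted
    # PKCS#8 format: the BEGIN line itself announces encryption.
    elif grep -q '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted
    elif grep -Eq '^-----BEGIN ((RSA|EC) )?PRIVATE KEY-----' "$1"; then
        echo unencrypted
    else
        echo unknown
    fi
}

# Succeed only if group and others have no permission bits on $1.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Write constructed sample files (placeholder bodies, not real keys) to $1.
make_samples() {
    cat > "$1/enc.key" <<'EOF'
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,00000000000000000000000000000000

CONSTRUCTED+PLACEHOLDER+BODY
-----END RSA PRIVATE KEY-----
EOF
    cat > "$1/p8.key" <<'EOF'
-----BEGIN ENCRYPTED PRIVATE KEY-----
CONSTRUCTED+PLACEHOLDER+BODY
-----END ENCRYPTED PRIVATE KEY-----
EOF
    sed -e '2,4d' "$1/enc.key" > "$1/dec.key"   # strip header lines: unencrypted form
    chmod 600 "$1/enc.key" "$1/p8.key"
    chmod 644 "$1/dec.key"                      # deliberately too open
}

demo=$(mktemp -d)
make_samples "$demo"
for f in "$demo"/*.key; do
    key_is_private "$f" && mode=restricted || mode=too-open
    echo "${f##*/}: $(key_status "$f"), $mode"
done
rm -rf "$demo"
```

A key that FlowForce Server can use should report "unencrypted" together with "restricted"; the constructed dec.key is flagged "too-open" because its mode is 644.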