On Wed, Mar 31, 2010 at 14:55:04 -0400, piper.guy1 wrote:
> On Wed, Mar 31, 2010 at 2:35 PM, Joe Burpee <jeb [ at ] burkby [ dot ] com> wrote:
> > On Wed, Mar 31, 2010 at 12:54:20 -0400, piper.guy1 wrote:
> >> 1. Can you create PEM's in OpenSSL without a passphrase?
> >
> > openssl req -nodes ...
>
> Now, as a newbie to security, what's my risk exposure?

I'm no expert either. Looks like you have posted your questions in various places so you have probably seen lots of the opinionating on the subject.

I guess one issue is whether using the evil passphraseless certificates (presumably selectively for specific applications) is somehow less secure than having a passphrase but storing it in plaintext in a script, e.g. as a curl option.

Can't say for sure, but I think danger may sometimes lie not so much in imperfect methods themselves as in delusions about their relative security.

Joe
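The comparison raised in the message above, written as a small audit check. This is an added example, not part of the original post: the function names, the sample PEM framing and the sample curl lines are constructed for illustration, and the curl match is a heuristic for a literal passphrase given through `--pass` or `--cert file:phrase`.

```python
import os
import re
import stat

# Constructed samples: PEM framing only, bodies are placeholders, not real keys.
PLAIN_PEM = "-----BEGIN PRIVATE KEY-----\nAAAA\n-----END PRIVATE KEY-----\n"
PKCS8_ENC_PEM = ("-----BEGIN ENCRYPTED PRIVATE KEY-----\nAAAA\n"
                 "-----END ENCRYPTED PRIVATE KEY-----\n")
LEGACY_ENC_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-256-CBC,00000000000000000000000000000000\n\nAAAA\n"
                  "-----END RSA PRIVATE KEY-----\n")
SCRIPT_WITH_PASS = "curl --cert client.pem --pass 'constructed-secret' https://example.invalid/\n"
SCRIPT_WITH_VAR = 'curl --cert client.pem --pass "$KEY_PASS" https://example.invalid/\n'

KEY_LABEL = re.compile(r"-----BEGIN ((?:RSA |EC |DSA |ENCRYPTED )?PRIVATE KEY)-----")
# Heuristic: a literal (not $VAR) after curl's --pass, or --cert file:phrase.
CURL_LITERAL_PASS = re.compile(
    r"""curl\b.*?(?:--pass[ =]["']?[^\s"'$]|(?:--cert|-E)[ =][^\s:]+:[^\s$])""")


def key_state(pem_text):
    """Return 'encrypted', 'plaintext' or 'no-key' for a PEM file's text."""
    match = KEY_LABEL.search(pem_text)
    if not match:
        return "no-key"
    # PKCS#8 encrypted keys have their own label; traditional encrypted keys
    # keep the plain label and add a Proc-Type header.
    if match.group(1) == "ENCRYPTED PRIVATE KEY" or "Proc-Type: 4,ENCRYPTED" in pem_text:
        return "encrypted"
    return "plaintext"


def audit(pem_path, script_text=""):
    """Report what actually guards the key: a passphrase or file permissions."""
    with open(pem_path) as fh:
        state = key_state(fh.read())
    mode = stat.S_IMODE(os.stat(pem_path).st_mode)
    phrase_in_script = bool(CURL_LITERAL_PASS.search(script_text))
    return {
        "key_state": state,
        "readable_by_others": bool(mode & (stat.S_IRGRP | stat.S_IROTH)),
        "passphrase_in_script": phrase_in_script,
        # An encrypted key whose passphrase sits in the calling script is
        # guarded by file permissions alone, just like a passphraseless key.
        "permissions_are_only_guard": state == "plaintext"
        or (state == "encrypted" and phrase_in_script),
    }
```

In either "permissions are the only guard" case, the remaining control is who can read the key file and the script, which is what `readable_by_others` reports for the key.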