
I'm setting up SSL on an Ubuntu server. One of the fields it asks for as part of setting up the CSR is a "challenge password". What is that? The default is blank. Do I need to enter one?

Will Martin

1 Answer

The "challenge password" requested as part of the CSR generation is different from the passphrase used to encrypt the secret key (requested at key generation time, or when a plaintext key is later encrypted - and then requested again each time the SSL-enabled service that uses it starts up).

Here's a key being generated, and the beginning of the generated key:

$ openssl genpkey -algorithm rsa -out foo.key
............++++++
...++++++

$ head -3 foo.key
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJ9jNAG4Noy//r/S
eeK/gEgGOV0BZm0CYmgSQGj4P6N3cJsPlGsG80qKTxTFwoEiXnM3BVeBpDdXhGKt

This key has no passphrase. I wasn't prompted for one at creation, and haven't entered one. Now, let's generate an encrypted key:

$ openssl genpkey -algorithm rsa -des3 -out bar.key
...........................................++++++
.....................................++++++
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:

$ head -3 bar.key
-----BEGIN ENCRYPTED PRIVATE KEY-----
MIICxjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQInfwj1iv3icMCAggA
MBQGCCqGSIb3DQMHBAizMHBklBexiwSCAoDtRKf1WtMiVMH7HraGTIG0rlQS6Xuj

So it should be clear what an encrypted private key (which apache, or any other SSL-enabled server, will need unlocked when it starts) and a plaintext private key (which doesn't require unlocking at service start time) look like. Now I'll generate a CSR with a challenge password from the unencrypted key:

$ openssl req -new -key foo.key
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:asdfasdf
An optional company name []:
-----BEGIN CERTIFICATE REQUEST-----
[...]
-----END CERTIFICATE REQUEST-----

And just to show that the key hasn't magically become encrypted:

$ head -3 foo.key
-----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJ9jNAG4Noy//r/S
eeK/gEgGOV0BZm0CYmgSQGj4P6N3cJsPlGsG80qKTxTFwoEiXnM3BVeBpDdXhGKt

So I say again: the "challenge password" requested as part of the CSR generation is not the same thing as a passphrase used to encrypt the secret key. The "challenge password" is basically a shared-secret nonce between you and the SSL certificate-issuer (aka Certification Authority, or CA), embedded in the CSR, which the issuer may use to authenticate you should that ever be needed. Some SSL certificate-issuers make that clearer than others; look down at the bottom of this page to see where they say the challenge password is needed - it's not when you restart apache:

Should you choose to enter and use a challenge password, you will need to make sure that you save that password in a secure place. If you ever need to reinstall your certificate for any reason, you will be required to enter that password.

MadHatter
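The same two facts the answer demonstrates interactively, as an added example that is not part of the original answer: a CSR carrying a `challengePassword` attribute is produced non-interactively (via `prompt = no` in an OpenSSL config file), the attribute is read back out of the CSR, and the private key is shown to be still plaintext. It assumes `openssl` (1.1 or 3.x) is on PATH; the file names, CN and passphrase values are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original answer). Shows that the CSR's
# challengePassword lives in the request, while the key stays plaintext.
set -e

# Builds a plaintext key plus a CSR with a challengePassword attribute.
# Prints the working directory so callers can inspect the files.
make_csr_with_challenge() {
    dir=$(mktemp -d)
    # No cipher option -> no "Enter PEM pass phrase" prompt, as in the answer.
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/foo.key" 2>/dev/null
    # prompt = no: DN and 'extra' attributes come from this file instead of
    # the interactive questions. Values are constructed for the example.
    cat > "$dir/req.cnf" <<'EOF'
[ req ]
prompt             = no
distinguished_name = dn
attributes         = attrs
[ dn ]
CN = www.example.test
[ attrs ]
challengePassword  = asdfasdf
EOF
    openssl req -new -key "$dir/foo.key" -config "$dir/req.cnf" \
        -out "$dir/foo.csr"
    echo "$dir"
}

# Builds an encrypted key non-interactively (AES instead of the answer's
# -des3; same effect: the file needs unlocking before a server can use it).
make_encrypted_key() {
    dir=$(mktemp -d)
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass pass:constructed-key-passphrase \
        -out "$dir/bar.key" 2>/dev/null
    echo "$dir/bar.key"
}

# Extracts the challengePassword value from `openssl req -text` output
# (a line of the form "challengePassword        :asdfasdf").
csr_challenge_password() {
    openssl req -in "$1" -noout -text |
        sed -n 's/^ *challengePassword *:\(.*\)$/\1/p'
}

# The PEM header alone tells a plaintext PKCS#8 key from an encrypted one.
key_header() { head -1 "$1"; }
```

Run `d=$(make_csr_with_challenge); csr_challenge_password "$d/foo.csr"; key_header "$d/foo.key"` to see `asdfasdf` followed by `-----BEGIN PRIVATE KEY-----`, i.e. the challenge password went into the CSR and the key was left unencrypted.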
  • Is there a difference between an "SSL Issuer" and a CA (Certificate Authority)? – Jonathan Apr 16 '16 at 01:30
  • I don't think so; would you prefer that I used the alternative term? – MadHatter Apr 16 '16 at 05:20
  • Technically they aren't issuing the SSL protocol itself, but rather an SSL-compatible certificate. I feel like "SSL issuer" is less clear. "SSL Certificate Issuer" would be clear, in my humble opinion. – Jonathan May 16 '16 at 08:59
  • @JonathanLeaders ok, I have so changed it. Hope that's better, and thanks for helping clarify matters. – MadHatter May 16 '16 at 09:13
  • Very (very) complete answer, when one wasn't needed IMHO. Based on the question asked, you could eliminate all of your answer except that following 'The "challenge password" is basically a shared-secret nonce...'. I believe that would have answered the question asked just as completely, with less distracting non-pertinent information. – joe Feb 23 '17 at 06:30
  • @joe thanks! What you can't see (because you don't have the rep) is that I was responding to a since-deleted earlier answer by a very highly-rated user (who was in this case, unfortunately, wrong), so had to do a point-by-point rebuttal. Its subsequent deletion, which was not done by its author, does make mine look a little odd, but until now I've chosen to let it stand. If enough others support your viewpoint by upvoting your comment, I'll amend my answer. – MadHatter Feb 23 '17 at 07:41
  • Namecheap support are telling me that the challenge password is only needed for certificates on an IIS server. Is that true? (It sounds odd.) – f1lt3r Jun 07 '17 at 15:02
  • @AlistairMacDonald I have no idea (sorry), knowing nothing about IIS. It does sound odd, though. – MadHatter Jun 07 '17 at 17:00
  • I was baffled by this very same question, and found this answer not that helpful for my limited understanding of the subject (due to the way it is written), but fortunately found my answer at https://security.stackexchange.com/a/77082/67048 – zagrimsan Mar 09 '18 at 07:26
  • @MadHatter When generating a CSR, how do I turn off or avoid being asked for the "challenge password"? – Chaminda Bandara Nov 12 '20 at 18:02
  • @ChamindaBandara that's a completely different question; feel free to ask it as one. – MadHatter Nov 12 '20 at 20:11
  • @MadHatter: Maybe you could move the "secret nonce" portion of your answer to the top as a `TL;DR`? Your answer has good information, but the relevant bit is currently buried at the bottom -- by the time I got to it, I had forgotten what my question was. ;-) – Ethan Furman Apr 20 '21 at 22:52