A "standard" certificate issued by VeriSign or another company should work
fine with nsopenssl. The only thing you may have to do is decrypt the key.
Normally the key.pem is passphrase protected/encrypted. nsopenssl doesn't
try to figure out if it's passphrase protected so it won't ask or look for
a passphrase to use to unlock it. This command will strip the passphrase
from the key.pem file:

   openssl rsa -in key1.pem -out key2.pem

key2.pem is not encrypted, so you MUST protect it with owner/group perms.

The question might arise: why not make nsopenssl capable of reading
passphrase-protected keys?

The answer: I like to keep things simple. Having the key passphrase
protected doesn't really buy you security when you then put the cleartext
passphrase in your configuration file so it can be unlocked at server
startup time.

I had this problem with Apache: passphrase had to be manually typed in. If
the server went down and came back up during non-work hours, I'd have to go
in and type in the passphrase to get it running with the cert again. No
thanks.


/s.
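
The procedure in the message above as a POSIX sh script (an added example, not part of the original message or of nsopenssl; the function names are hypothetical). It strips the passphrase under a restrictive umask, then checks that the resulting key is cleartext and has no group-write or "other" permission bits.

```sh
#!/bin/sh
# Added example; function names are hypothetical, not part of nsopenssl.

# Return 0 if the PEM key in $1 is passphrase-protected. Traditional PEM marks
# this with a "Proc-Type: 4,ENCRYPTED" header, PKCS#8 with its armor line.
key_is_encrypted() {
    grep -Eq -e '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' -- "$1"
}

# Return 0 if $1 is a regular file with no group-write bit and no "other"
# bits at all (owner, and optionally group read, only).
key_perms_ok() {
    [ -f "$1" ] || return 1
    case "$(ls -ld -- "$1" | cut -c1-10)" in
        -????-?---) return 0 ;;
        *) return 1 ;;
    esac
}

# Report whether $1 can serve as the server key described in the message:
# 0 = cleartext and tightly permissioned, 1 = still encrypted, 2 = perms too open.
check_server_key() {
    if key_is_encrypted "$1"; then
        echo "$1: encrypted; nsopenssl will not prompt for a passphrase"; return 1
    fi
    if ! key_perms_ok "$1"; then
        echo "$1: cleartext key with loose permissions"; return 2
    fi
    echo "$1: ok"
}

# Decrypt $1 into $2 with the message's openssl command, under umask 077 so
# the cleartext key is created mode 0600. Extra arguments go to openssl.
strip_passphrase() {
    src=$1; dst=$2; shift 2
    key_is_encrypted "$src" || { echo "$src: not encrypted" >&2; return 2; }
    [ ! -e "$dst" ] || { echo "$dst: exists, not overwriting" >&2; return 3; }
    ( umask 077 && openssl rsa -in "$src" -out "$dst" "$@" ) \
        || { rm -f -- "$dst"; return 1; }
    check_server_key "$dst"
}

# Stand-alone use: ./script key2.pem
[ "$#" -eq 0 ] || check_server_key "$1"
```

If the server runs under a different account than the file owner, grant access with chgrp and mode 0640 rather than opening the file to "other".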
