Comment 5 for bug 1948506

Andrea Ieri (aieri) wrote :

Thank you for the fix! Was the switch from an encrypted key to an unencrypted one intentional, though?

`openssl genpkey -algorithm RSA -pass pass:foobar -out issuing_ca_key.pem` will ignore the password and generate an unencrypted key; you need to specify a cipher if you want to encrypt the key.

# Legacy (encrypted)
openssl genrsa -passout pass:foobar -des3 -out - 2048 2>/dev/null | head -3
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,F313F3AC3E2BD922

# Update (unencrypted)
openssl genpkey -algorithm RSA -pass pass:foobar -out - 2>/dev/null | head -1
-----BEGIN PRIVATE KEY-----

# Proposed (encrypted)
openssl genpkey -algorithm RSA -pass pass:foobar -aes-256-cbc -out - 2>/dev/null | head -1
-----BEGIN ENCRYPTED PRIVATE KEY-----
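
The three header shapes shown in the comment above can be checked automatically before a key is stored. The following is an added example, not part of the original comment or of the project's code; the function names are hypothetical and the sample inputs are constructed (armor and header lines only, with placeholder bodies).

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the project or OpenSSL.
# Classify a PEM private key on stdin by its armor and header lines.
# Prints: encrypted | unencrypted | unknown
pem_key_state() {
    awk '
        # PKCS#8 output of genpkey with a cipher
        /^-----BEGIN ENCRYPTED PRIVATE KEY-----/ { state = "encrypted"; exit }
        # PKCS#8 output of genpkey without a cipher (-pass alone lands here)
        /^-----BEGIN PRIVATE KEY-----/ { state = "unencrypted"; exit }
        # Traditional format (genrsa): encryption shows up in the next header line
        /^-----BEGIN [A-Z]+ PRIVATE KEY-----/ {
            state = "unencrypted"
            if ((getline line) > 0 && line ~ /^Proc-Type: 4,ENCRYPTED/) state = "encrypted"
            exit
        }
        END { print (state == "" ? "unknown" : state) }
    '
}

# Succeeds only when the key on stdin is encrypted; usable as a gate in a script.
require_encrypted_key() {
    [ "$(pem_key_state)" = encrypted ]
}

# Constructed samples: real armor lines, key bodies replaced by a placeholder.
sample_legacy_encrypted() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,F313F3AC3E2BD922' '' 'PLACEHOLDERBODY' \
        '-----END RSA PRIVATE KEY-----'
}
sample_legacy_plain() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDERBODY' \
        '-----END RSA PRIVATE KEY-----'
}
sample_pkcs8_plain() {
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'PLACEHOLDERBODY' \
        '-----END PRIVATE KEY-----'
}
sample_pkcs8_encrypted() {
    printf '%s\n' '-----BEGIN ENCRYPTED PRIVATE KEY-----' 'PLACEHOLDERBODY' \
        '-----END ENCRYPTED PRIVATE KEY-----'
}

for s in sample_legacy_encrypted sample_legacy_plain sample_pkcs8_plain sample_pkcs8_encrypted; do
    printf '%s: %s\n' "$s" "$("$s" | pem_key_state)"
done
```

Against a real file the gate would be called as `require_encrypted_key < issuing_ca_key.pem`.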