Generating Compliant Encrypted Private Keys
Ensure that the encrypted private key that you generate for imported certificates is compliant with Federal Information Processing Standards (FIPS).
To use OpenSSL to generate FIPS-compliant encrypted private keys, you must run version 3.0 or later. Before you begin, you must also ensure that all applications that use OpenSSL only use the FIPS module for cryptographic operations. For more information, see the OpenSSL FIPS module guide.
This topic describes how to generate an encrypted private key by using OpenSSL, but you can perform the same task by using other FIPS-compliant tools and APIs.