Been doing some battles with RANCID sending emails every hour about updated keys.
set comments "This is the default CA certificate the SSL Inspection will use when generating new server certificates." set private-key "-----BEGIN ENCRYPTED PRIVATE KEY----- MIIFDjBABgkqhkiG9w0BBQ0wMzAbBgkqhkiG9w0BBQwwDgQIAWonopcoOy8CAggA MBQGCCqGSIb3DQMHBAg1fEbM20Ga/ASCBMgqWOvL0dpFbbhMclMtBWkZkMnxq9tD vo9Rb1AKI2bR6GKrmn9/lQ6Svb1Sp84e6ZDbJKCzsVq0rrbz+cwvlzUjfbUPeF/P ... BDaVJM+Jq/8P3Q+B/CAaHvl4+3VX9aAygrfZPgsb9RnBjvo1PdSowKwx7bNCTdFL qGM= -----END ENCRYPTED PRIVATE KEY-----"
So I have seen this via my lab (every hour..) and at the day job so I finally decided to dig into it. It did help that I finally read the first line: BEGIN ENCRYPTED PRIVATE KEY is not the same as BEGIN RSA PRIVATE KEY and once I read that then making a patch was quick and easy.
I also updated fnrancid to pick up the hardware of the unit being queried in case hardware changes out later in life. There is also a comment included in case you want to have reported revisions as the different engines update their databases. I have it turned off by default.
You can download the patch here.