Index: b/contrib/scripts/ast_tls_cert
===================================================================
--- a/contrib/scripts/ast_tls_cert
+++ b/contrib/scripts/ast_tls_cert
@@ -32,14 +32,14 @@ EOF
 
 create_ca () {
 	echo "Creating CA key ${CAKEY}"
-	openssl genrsa ${CA_ENCRYPTION_OPT} -out ${CAKEY} 4096 > /dev/null
+	openssl genrsa -passout pass:xivo ${CA_ENCRYPTION_OPT} -out ${CAKEY} 4096 > /dev/null
 	if [ $? -ne 0 ];
 	then
 		echo "Failed"
 		exit 1
 	fi
 	echo "Creating CA certificate ${CACERT}"
-	openssl req -new -config ${CACFG} -x509 -days 365 -key ${CAKEY} -out ${CACERT} > /dev/null
+	openssl req -passin pass:xivo -new -config ${CACFG} -x509 -days 365 -key ${CAKEY} -out ${CACERT} > /dev/null
 	if [ $? -ne 0 ];
 	then
 		echo "Failed"
@@ -50,21 +50,21 @@ create_ca () {
 create_cert () {
 	local base=${OUTPUT_DIR}/${OUTPUT_BASE}
 	echo "Creating certificate ${base}.key"
-	openssl genrsa -out ${base}.key ${KEYBITS:-2048} > /dev/null
+	openssl genrsa -passout pass:xivo -out ${base}.key ${KEYBITS:-2048} > /dev/null
 	if [ $? -ne 0 ];
 	then
 		echo "Failed"
 		exit 1
 	fi
 	echo "Creating signing request ${base}.csr"
-	openssl req -batch -new -config ${CONFIG_FILE} -key ${base}.key -out ${base}.csr > /dev/null
+	openssl req -passin pass:xivo -batch -new -config ${CONFIG_FILE} -key ${base}.key -out ${base}.csr > /dev/null
 	if [ $? -ne 0 ];
 	then
 		echo "Failed"
 		exit 1
 	fi
 	echo "Creating certificate ${base}.crt"
-	openssl x509 -req -days 365 -in ${base}.csr -CA ${CACERT} -CAkey ${CAKEY} -set_serial 01 -out ${base}.crt > /dev/null
+	openssl x509 -passin pass:xivo -req -days 365 -in ${base}.csr -CA ${CACERT} -CAkey ${CAKEY} -set_serial 01 -out ${base}.crt > /dev/null
 	if [ $? -ne 0 ];
 	then
 		echo "Failed"
