
Removing a Passphrase from a Key Generated by OpenSSL

Instructions for removing a passphrase from a key generated by OpenSSL. This is useful if you have created a key as part of a certificate signing request following the instructions for a company like GoDaddy.

These instructions are shamelessly lifted (in their entirety) from akadia.com.

One unfortunate side effect of a passphrase-protected private key is that Apache asks for the passphrase each time the web server is started. This is not always convenient, since someone will not always be around to type in the passphrase, such as after a reboot or crash. mod_ssl can use an external program in place of the built-in passphrase dialog; however, this is not necessarily the most secure option either. It is possible to remove the Triple-DES encryption from the key, so that a passphrase no longer has to be typed in.

If the private key is no longer encrypted, it is critical that this file be readable only by the root user! If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked. With that being said, use the following commands to remove the passphrase from the key:

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

The newly created server.key file is no longer protected by a passphrase.
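A more defensive version of the two commands above, as an added example that is not part of the original instructions: it creates every file owner-only, decrypts into a temporary file so a wrong passphrase leaves server.key untouched, and checks the result before replacing the key. The function names and the optional second argument are assumptions of this example; run it as root so that "owner-only" means readable only by root.

```shell
#!/bin/sh
# Added example (not from the original page). The names strip_passphrase
# and demo, and the optional PASSIN argument, are assumptions.

# strip_passphrase KEY [PASSIN]
#   KEY    passphrase-protected RSA key, e.g. server.key
#   PASSIN optional "openssl -passin" source (file:/path, env:VAR);
#          without it openssl prompts for the passphrase, as on the page
strip_passphrase() (
    key=$1 passin=${2:-} backup="$1.org" tmp="$1.tmp.$$"
    umask 077                      # files are owner-only from creation
    if [ -e "$backup" ]; then      # never overwrite an earlier backup
        echo "refusing: $backup already exists" >&2; exit 1
    fi
    cp "$key" "$backup" || exit 1
    # Decrypt into a temp file so a wrong passphrase leaves KEY untouched.
    if ! openssl rsa -in "$backup" ${passin:+-passin "$passin"} -out "$tmp"; then
        rm -f "$tmp" "$backup"; echo "decryption failed" >&2; exit 1
    fi
    # The result must not be marked ENCRYPTED and must load and pass the
    # consistency check with an empty passphrase (so it never prompts).
    if grep -q ENCRYPTED "$tmp" ||
       ! openssl rsa -in "$tmp" -passin pass: -noout -check >/dev/null 2>&1; then
        rm -f "$tmp" "$backup"; echo "output key failed verification" >&2; exit 1
    fi
    chmod 600 "$tmp" "$backup" && mv "$tmp" "$key"
)

# Demo on a throwaway key: constructed passphrase, temporary directory.
# Prints the directory holding server.key and server.key.org.
demo() {
    d=$(mktemp -d) || return 1
    openssl genrsa -aes256 -passout pass:constructed-demo \
        -out "$d/server.key" 2048 2>/dev/null || return 1
    strip_passphrase "$d/server.key" pass:constructed-demo 2>/dev/null || return 1
    echo "$d"
}
```

Call `demo` to exercise the function on a throwaway key; on a real host, `strip_passphrase server.key` prompts for the passphrase exactly as the original command does.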

 
