Removing a Pass Phrase from a SSL Certificate
This is a tip I picked up a while ago when I was implementing an SSL certificate on Apache and Linux. I decided to use a pass phrase on
my key file, thinking that it would be better and more secure (more secure is arguably true).
However, what I didn't realize was that the pass phrase would be needed every time Apache was started. This means that if the server has to restart for some reason you will have to manually enter the pass phrase every time or Apache will not start.
I learned my lesson when the server I had put the SSL certificate on went down in the night and then automatically restarted. Because Apache didn't come back up automatically I got a call late in the night wondering why the server was not working. I got connected to the server to quickly find that Apache wasn't running simply because it wanted the pass phrase from the certificate in order to start.
It was at that point that I decided that it would be just better to get rid of the pass phrase; the complications outweighed the benefits. Luckily, pass phase removal is pretty easy and straightforward. It took a decent amount of digging around the web to find a good answer, though.
Below is the process for removing a pass phrase from a key file.
First you will have to find where the key file you want to change is located on your server, and then change to that directory on the command line. This will depend on the software and configuration but I keep mine in '/etc/httpd/conf/ssl.key'.
# cd /etc/httpd/conf/ssl.key
After that all you have to do is run the command below and then enter the pass phrase when prompted (replace 'www.domain.com.key' with?the name of the key you want to change). WARNING: I would highly recommend backing up your existing key file before regenerating it.
# openssl rsa -in www.domain.com.key -out www.domain.com.key
Now you should be able to restart your server and be all set to go.
This was a good article that I found and used when setting up my secure server.
Article originally written by Jordon Mears, Software Architect. Find more of Jordon's writing at http://www.finefrog.com