Home » SSL » Removing a passphrase from an SSL Key

Removing a passphrase from an SSL Key

This tutorials will help you to removing a passphrase from an SSL Key
The classic process for creating an SSL certificate is as follows:

# openssl genrsa -des3 -out www.linuxpcfix.com.key 2048

When creating the key, you can let alone entering the initial passphrase in general using:

# openssl genrsa -out www.linuxpcfix.com.key 2048

At this process it is asking for a PASS PHRASE (which I will describe how to remove):
Enter pass phrase for www.linuxpcfix.com.key:

# openssl req -new -key www.linuxpcfix.com.key -out www.linuxpcfix.com.csr

Next, you will send the www.linuxpcfix.com.csr file to your registrar. sequentially, your registrar will provide you with the .crt (certificate) file.
For a security standard utilizing a passphrase, is a good thing, but from a practical view not very useful.
For instance, what happens when your server reboots/crashes Or better, what happens in 6 months when you reboot your machine, and you don’t remember the password? one thing is for sure, your web server will not be online.
I will suggest removal of the passphrase, you can follow the process below:
Take backup of original file.

# cp www.linuxpcfix.com.key www.linuxpcfix.com.key.orig

Then unencrypt the key with openssl. You must have the passphrase for the decryption process:

# openssl rsa -in www.linuxpcfix.com.key -out new.key

Now copy the new.key to the www.linuxpcfix.com.key file and you are done. Next time you will restart the web server, it should not prompt you for the passphrase.
Stop worrying about your server issues


I am founder and webmaster of www.linuxpcfix.com and working as a Sr. Linux Administrator (Expertise on Linux/Unix & Cloud Server) and have been in the industry from last 7 years.

Leave a Reply

Your email address will not be published. Required fields are marked *


Time limit is exhausted. Please reload the CAPTCHA.

Categorized Tag Cloud