When it comes to generating SSL keys passphrases play an immanent role. They need to be specified when creating SSL keys and are checked each time the key is being used to ensure authorized access. For instance, when starting your Apache web server with a SSL certificate you will need to enter the original passphrase to verify authorized access. The following simple step shows you how to remove passphrase from SSL keys.
If you don’t already have a SSL key create a 2048 bit RSA key with triple DES block ciphering first and specify your passphrase as usual:
openssl genrsa -des3 -out your-server.key 2048
Of course you can choose any other modulus bits count and ciphering mode to generate your SSL key. Then, make a backup of the original certificate with the passphrase still set just in case:
cp your-server.key your-server.key.WITH_PASS
Remove Passphrase
And finally remove passphrase from your SSL key:
openssl rsa -in your-server.key.WITH_PASS -out your-server.key.WITHOUT_PASS
Now you can use this key without requiring the enter the passphrase on every single use, e.g. when Apache web server starts, etc. That’s it.
Leave a Reply