Often when you start with an SSL certificate it has a passphrase, you may want to change that later. You may realize your webserver won’t start without entering a passphrase at the startup dialog. That’d be a bad thing for your webserver, eh? Really the problem isn’t with the certificate so much as the key, which is encrypted with a passphrase.