An SSL certificate often starts out with a passphrase, and you may want to change that later. You may realize your webserver won’t start unless someone enters the passphrase at the startup dialog. That’d be a bad thing for your webserver, eh? Really the problem isn’t with the certificate so much as the key, which is encrypted with a passphrase.
Find the SSL certificate in the Apache configuration (we assume Apache; if it’s not Apache, find it anyway):
:> grep SSLCertificate /etc/httpd/conf.d/ssl.conf | grep -v '^#'
SSLCertificateFile /etc/httpd/conf/ssl.crt/mycert.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mycert.key
:>
Now, openssl can be used to remove the passphrase:
openssl rsa -in /etc/httpd/conf/ssl.key/mycert.key -out /etc/httpd/conf/ssl.key/mycert-nopass.key
You will be prompted for the original passphrase; the output will be a key without a passphrase. You can check this with:
:> head -4 /etc/httpd/conf/ssl.key/mycert.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,980B8119DBAF21D8
:> head -4 /etc/httpd/conf/ssl.key/mycert-nopass.key
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQC9IasOjauHaI8+XzalqrQKq+u+wZsrL9vbClAd+yTAQ9wnMikV
g1EzA2BA34lHzurOV+A6qamLdmHeUmOkSMpLg2cxwoy9JVE//kGP1mAedb+l1HpB
RmGy0rQkoIvq4jCFaL3WVHcSa2b6vowG5q6UkJTuPUDEoWrCOBA0UroHuQIDAQAB
All done! Nifty and quick too!
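A scripted version of the head check above, as an added example that is not part of the original post: it recognises both the traditional `Proc-Type: 4,ENCRYPTED` header and the PKCS#8 `BEGIN ENCRYPTED PRIVATE KEY` header, and flags an unencrypted key that anyone other than its owner can access. The function names are hypothetical; key paths are passed as arguments.

```shell
#!/bin/sh
# Added example (not from the original post): classify PEM private keys as
# encrypted or not, and flag loose permissions on unencrypted ones.
# Function names are hypothetical; pass key file paths as arguments.

# Prints one of: encrypted | unencrypted | unknown
key_state() {
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' \
               -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted      # traditional PEM header or PKCS#8 encrypted key
    elif grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo unencrypted    # RSA / EC / PKCS#8 key with no encryption header
    else
        echo unknown        # not a private key (e.g. a certificate)
    fi
}

# Returns 0 when group and other have no access at all (mode 600, 400, ...).
owner_only() {
    perms=$(ls -ld "$1" | cut -c5-10)   # the group and other permission bits
    [ "$perms" = "------" ]
}

# Prints a one-line verdict; returns 1 for an unencrypted key that is
# accessible beyond its owner, 0 otherwise.
audit_key() {
    state=$(key_state "$1")
    if [ "$state" = unencrypted ] && ! owner_only "$1"; then
        echo "$1: unencrypted, accessible beyond owner"
        return 1
    fi
    echo "$1: $state"
}

# Audit every path given on the command line.
for f in "$@"; do
    audit_key "$f" || true
done
```

Once the passphrase is gone, file permissions are the only thing protecting the key, so keep the passphrase-free file owned by root with mode 600 or 400.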