Often when you start with an SSL certificate it has a passphrase, you may want to change that later. You may realize your webserver won’t start without entering a passphrase at the startup dialog. That’d be a bad thing for your webserver, eh? Really the problem isn’t with the certificate so much as the key, which is encrypted with a passphrase.

Find the SSL certificate in the apache (we assume apache, if it’s not apache, find it anyway) configuration:

:> grep SSLCertificate /etc/httpd/conf.d/ssl.conf | grep -v '^#'
SSLCertificateFile /etc/httpd/conf/ssl.crt/mycert.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mycert.key
:>

Now, openssl can be used to change the passphrase:

openssl rsa -in /etc/httpd/conf/ssl.key/mycert.key -out /etc/httpd/conf/ssl.key/mycert-nopass.key

You will be prompted for the original passphrase, output will be a key without a passphrase. You can check this with:

:> head -4 /etc/httpd/conf/ssl.key/mycert.key
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,980B8119DBAF21D8

:> head -4 /etc/httpd/conf/ssl.key/mycert-nopass.key
-----BEGIN RSA PRIVATE KEY-----
MIICXQIBAAKBgQC9IasOjauHaI8+XzalqrQKq+u+wZsrL9vbClAd+yTAQ9wnMikV
g1EzA2BA34lHzurOV+A6qamLdmHeUmOkSMpLg2cxwoy9JVE//kGP1mAedb+l1HpB
RmGy0rQkoIvq4jCFaL3WVHcSa2b6vowG5q6UkJTuPUDEoWrCOBA0UroHuQIDAQAB

All done! nifty and quick too!