Ask a Question

Solution ID : SO307

Last Modified : 05/02/2018

Remove passphrase requirement on private key for Apache-SSL

Problem

Is it possible to change my private key not to have a passphrase?

Solution

It is possible to create an unencrypted copy of the key using this command: 
 
openssl rsa -in file1.key -out file2.key
 
Where file1.key contains the current encrypted key and file2.key will contain your unencrypted key.

If you now point your server at this key file, it will not prompt you for a passphrase.

If anyone gets the unencrypted key, they will be able to impersonate you (keys create your identifying digital signature).
 
Please make sure the permissions on that file allow only "root" or "web server user" to read it. Preferably start your web server as root, but run as another server, and have the key readable only by root.