Ask a Question

Advanced Search

Solution ID : SO5292

Last Modified : 05/02/2018

How to remove a private key password using OpenSSL

Problem

How to remove a private key password using OpenSSL

Solution

In some circumstances there may be a need to have the certificate private key unencrypted.

To remove the private key password follow this procedure:

  1. Copy the private key file into your OpenSSL directory (or you can specify the path in the command line).
     
  2. Run this command using OpenSSL:
    openssl rsa -in [file1.key] -out [file2.key]


    Enter the passphrase and [file2.key] is now the unprotected private key.

    The output file:  [file2.key] should be unencrypted. To verify this open the file using a text editor (such as MS Notepad) and view the headers.

    Encrypted headers look like this:

    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,


    6AC307785DD187EF...
    -----END RSA PRIVATE KEY-----


    Unencrypted headers look like this:

    -----BEGIN RSA PRIVATE KEY-----
    6AC307785DD187EF...
    -----END RSA PRIVATE KEY-----

    WARNING: Be aware that having an unencrypted private key adds a security risk by making it easier to obtain your private key if the private key file is stolen.
    For more information on OpenSSL please visit: www.openssl.org