Removing a passphrase from an SSL Key

Friday, October 12th, 2007

The typical process for creating an SSL certificate is as follows:

 # openssl genrsa -des3 -out www.key 1024

At this point openssl asks for a pass phrase (I describe how to remove it below):

 Enter pass phrase for www.key:
 # openssl req -new -key www.key -out www.csr

Next, you will typically send the www.csr file to your registrar. In turn, you should receive a key.

From a security standpoint, using a passphrase is a good thing, but from a practical standpoint it is not very useful.

For instance, what happens when your server reboots/crashes at 3am? Or better, what happens in 6 months when you reboot your machine, and you don’t remember the password? Well, one thing is for sure, your web server will not be online.

I suggest removing the passphrase. You can follow the process below:

Always back up the original key first to make sure no mistakes occur:

 # cp www.key www.key.orig

Then decrypt the key with openssl. You’ll need the passphrase for the decryption process:

 # openssl rsa -in www.key -out new.key

Now copy the new.key to the www.key file and you’re done. Next time you restart the web server, it should not prompt you for the passphrase.
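
The same backup, decrypt and replace steps as a script, added here as an example and not part of the original post. It also checks that the decrypted file is the same key pair and makes it readable only by its owner, since the file is now the only protection the key has. The helper names and the KEY_PASS environment variable are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumptions: the passphrase is in
# the KEY_PASS environment variable (keeps it out of argv); strip_passphrase
# and demo are hypothetical helper names.

# strip_passphrase KEY: keep the encrypted original as KEY.orig and replace
# KEY with a decrypted copy that only its owner can read. Returns non-zero,
# leaving KEY untouched, if any step fails.
strip_passphrase() {
    key=$1
    (
        umask 077                                  # new files get mode 0600
        # Refuse an already-decrypted key: the copy below would otherwise
        # overwrite the encrypted backup with an unencrypted one.
        grep -q ENCRYPTED "$key" || exit 1
        cp -p "$key" "$key.orig" || exit 1         # backup, as in the post
        openssl rsa -in "$key.orig" -passin env:KEY_PASS \
            -out "$key.new" 2>/dev/null || exit 1  # wrong passphrase ends here
        # The output must really be unencrypted ...
        if grep -q ENCRYPTED "$key.new"; then exit 1; fi
        # ... and must be the key pair the CSR was generated from.
        old=$(openssl rsa -in "$key.orig" -passin env:KEY_PASS -noout -modulus 2>/dev/null)
        new=$(openssl rsa -in "$key.new" -noout -modulus 2>/dev/null)
        [ -n "$new" ] && [ "$old" = "$new" ] || exit 1
        mv -f "$key.new" "$key"                    # swap in only after checks
    ) || { rm -f "$key.new"; return 1; }
}

# demo: run the procedure on a throwaway key constructed for this example.
demo() {
    dir=$(mktemp -d) || return 1
    KEY_PASS='constructed-demo-passphrase'; export KEY_PASS
    openssl genrsa -aes256 -passout env:KEY_PASS -out "$dir/www.key" 2048 2>/dev/null
    strip_passphrase "$dir/www.key" && ls -l "$dir"
    rm -rf "$dir"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument demo to see the result on the throwaway key; drop -passin to be prompted for the passphrase as in the commands above.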
