Removing Encryption from SSL Key

Hold on Cowboy

This blog post is pretty old. Be careful with the information you find in here. It's likely dead, dying, or wildly inaccurate.

While having an encrypted key is a good thing for an SSL web server, it just doesn’t work out so well. When your web server restarts, it hangs during startup asking for a passphrase for all the SSL certs.

To remove the requirement to enter a password you can follow these steps.

First backup you key `

cp www.domain.key www.domain.key.encrypted 


Then create a plain text version `

openssl rsa -in www.domain.key -out www.domain.key.plain 


Then replace your current key with the new plain text one `

cp www.domain.key.plaintext www.domain.key 


Now restart your web server and you shouldn’t be prompted for a passphrase.


You were about to walk away weren’t you?! Well make sure that your www.domain.key and www.domain.key.plain files are owned by root and are read/write only by root chmod 600 www.domain.key

Did this help you out? It took me a few days to piece together all this information together, I hope this saves you some time (who knows, maybe the future me will be thankful I wrote this down). Let me know your thoughts.