Removing a passphrase from an SSL Key
Friday, October 12th, 2007
The typical process for creating an SSL certificate is as follows:
# openssl genrsa -des3 -out www.key 1024
At this point it is asking for a PASS PHRASE (which I will describe how to remove):
Enter pass phrase for www.key:
# openssl req -new -key www.key -out www.csr
Next, you will typically send the www.csr file to your registrar. In turn, you should receive a key.
From a security standpoint utilizing a passphrase, is a good thing, but from a practical standpoint not very useful.
For instance, what happens when your server reboots/crashes at 3am? Or better, what happens in 6 months when you reboot your machine, and you don’t remember the password? Well, one thing is for sure, your web server will not be online.
I suggest removal of the passphrase, you can follow the process below:
Always backup the original key before first to make sure no mistakes occur:
# cp www.key www.key.orig
Then unencrypt the key with openssl. You’ll need the passphrase for the decryption process:
# openssl rsa -in www.key -out new.key
Now copy the new.key to the www.key file and you’re done. Next time you restart the web server, it should not prompt you for the passphrase.
Reference: http://www.mnxsolutions.com/blog/apache/removing-a-passphrase-from-an-ssl-key.html
My Blog List
-
Unlocking Innovation in Computer Vision with Open-Source OS - Diving into the Future At the heart of today’s tech revolution lies computer vision, a brilliant star in the vast universe of artificial intelligence. It...17 hours ago
-
How to find hard disk (SSD) serial numbers in Linux - [image: See all GNU/Linux related FAQ] You need to use the smartctl command to display the hard disk (SSD) serial numbers in Linux. This is useful when cha...3 days ago
-
PaloAlto init-cfg.txt Bootstrap Config file Layout with Examples - When you install and configure the PaloAlto firewall, when the firewall boots up for the first time, it does the bootstrapping process. PaloAlto uses the s...2 years ago
-
Clusterssh – Administer multiple ssh or rsh shells simultaneously - Sponsored Link The command opens an administration console and an xterm to all specified hosts. Any text typed into the administration console is replicate...3 years ago
-
Web Application Vulnerability Scanning Tools - Web Application Vulnerability Scanning Tools Nessus http://www.tenable.com/products/nessus PortSwigger https://portswigger.net/ qualys https://www.qualys....5 years ago
-
What You Don’t Know About Linux Open Source Could Be Costing to More Than You Think - Guest post by Marc Fisher If you would like to test out Linux before completely switching it as your everyday driver, there are a number of means by which ...6 years ago
-
Resolving Sysprep problems with App-X packages (Part 1) - This is the first of two articles explaining how to fix systems that won't Sysprep if Windows Native/App-X applications have been removed and Windows patches.7 years ago
-
V2V Communications security considerations - The future of vehicles, road infrastructure and driving are changing. We are progressing with vehicle-to-vehicle (V2V) and vehicle-to-infrastructure (V2I) ...7 years ago
-
10 UNIX / Linuz Size Command Examples for ObjectFiles - Linux size is part of GNU binutils. This utility is very helpful for programmers to analyze the data from the executable files (or object files). By defaul...9 years ago
-
Updating VMware Tools on Red Hat Enterprise/Scientific/CentOS Linux 6 for VMware ESXi 5 - In a previous post I discussed installing the open source VMware tools for Red Hat Enterprise/Scientific/CentOS Linux 6 from a yum package repository provi...13 years ago
