Differences

This shows you the differences between two versions of the page.

--- certificates:remove_the_password_from_a_rsa_private_key [2016/10/10 23:32] – created peter
+++ certificates:remove_the_password_from_a_rsa_private_key [2019/11/26 21:52] (current) – removed peter
@@ Line 1: / Line 1: @@
-====== Certificates - Remove the password from a RSA private key ======
-To test whether the SSL certificate is password-protected, examine the beginning of the keyfile using the command:
-<code bash>
-head -3 your.key
-</code>
-Result:
-This private key is encrypted:
-<code>
------BEGIN RSA PRIVATE KEY-----
-Proc-Type: 4,ENCRYPTED
-DEK-Info: AES-128-CBC,C251E8A1254B933D763703EE1C364AB7
-</code>
-This file is not encrypted:
-<code>
------BEGIN RSA PRIVATE KEY-----
-MIIEowIBAAKCAQEAvbeWtO9nQP4cFFuhGrOM/WQ73oTQHU7mzZB9CaA3R2iwjDNz
-wwlDtT9tfo0tCC2ib9STfeM6AYrdI3wauzCu7AV4CFGSMP3HLX8DJuk8zzbdQHHv
-</code>
-To remove the password from a RSA private key, use the following command:
-<code bash>
-umask 077
-mv your.key old-with-pass.key
-openssl rsa -in old-with-pass.key -out your.key
-</code>
-The **umask 077** command is necessary to ensure that the new key is not created with overly relaxed permissions.  Alternatively, you can manually change the mode of the file with **chmod 400 new.key**.  Depending on the location of the key, you might have to prefix the openssl, mv and chmod commands with sudo.