Stop Apache from asking for SSL password each restart

Solution 1:

You want to remove the passphrase from a key file. Run this:

openssl rsa -in key.pem -out newkey.pem

Be aware that this means that anyone with physical access to the server can copy (and thereby abuse) the key.

Solution 2:

I've been guilty of removing the passphrase from my own key files in the past, because it's the simplest solution, but security-wise, it's not the best idea. An alternative is to feed the passphrase to Apache. You can do this with the SSLPassPhraseDialog option in your httpd.conf (or another file that it includes).

If you only have one SSL site on your server, the simplest form of this would be:

# either of these will work
SSLPassPhraseDialog |/path/to/passphrase-script
SSLPassPhraseDialog exec:/path/to/passphrase-script

You would then create a very simple script called /path/to/passphrase-script that contains something like the following:

#!/bin/sh
echo "put the passphrase here"

When starting up, Apache will take the output of this script and use it as the passphrase for your SSL key. If you have multiple SSL sites, SSLPassPhraseDialog has additional ways in which it can be used, so you can either have a single script for all of your keys, or a separate script for each, or however you want to do it.
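The multi-site case mentioned in Solution 2, as an added example that is not part of the original answer: with the exec: form, mod_ssl calls the script with two arguments (servername:portnumber, then the key type or a key index), so a single script can serve every key. The PASSDIR location and the per-site file naming are assumptions of this example.

```shell
#!/bin/sh
# Added example: helper for "SSLPassPhraseDialog exec:/path/to/passphrase-script".
# mod_ssl passes two arguments: "servername:portnumber" and the key type
# ("RSA", "DSA", "ECC") or a key index.
# Assumption (not from the page): one passphrase per file, named
# "<servername:port>.<keytype>", kept in a directory only root can read.
PASSDIR="${PASSDIR:-/etc/apache2/ssl-pass}"   # hypothetical location

lookup_passphrase() {
    site="$1"; keytype="$2"
    # Refuse empty names and anything that could escape PASSDIR.
    for part in "$site" "$keytype"; do
        case "$part" in
            ''|*/*|*..*) echo "bad key name" >&2; return 2 ;;
        esac
    done
    file="$PASSDIR/$site.$keytype"
    # Must be a regular file and not a symlink.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "no passphrase file for $site ($keytype)" >&2; return 3
    fi
    # Characters 5-10 of the ls mode string are the group/other bits;
    # refuse to hand out a passphrase that other accounts can reach.
    perms=$(ls -ld "$file" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "$file is accessible to group/others; refusing" >&2; return 4
    fi
    # mod_ssl reads the passphrase from stdout; emit the first line only.
    head -n 1 "$file"
}

# Act as the passphrase program only when called with Apache's two arguments.
if [ "$#" -eq 2 ]; then
    lookup_passphrase "$1" "$2"
fi
```

Keep the script itself and the passphrase directory readable only by the account that starts Apache; otherwise the passphrase protects nothing the key file permissions did not already protect.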


Solution 3:

To remove the password from a PEM file, you can do the following. Note that both commands are required for the situation where the private key and the public certificate are in the same file:

# you'll be prompted for your passphrase one last time
openssl rsa -in mycert.pem -out newcert.pem
openssl x509 -in mycert.pem >> newcert.pem

This will create a file called "newcert.pem" that is a PEM file without a password. As noted in other answers, you should consider whether or not this is a good idea from a security standpoint before doing so.

Snagged from here