====== Certificates - Remove the password from a RSA private key ======

To test whether the SSL certificate is password-protected, examine the beginning of the keyfile using the command:

<code bash>
head -3 your.key
</code>

Result:

This private key is encrypted:

<code>
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,C251E8A1254B933D763703EE1C364AB7
</code>

This file is not encrypted:

<code>
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvbeWtO9nQP4cFFuhGrOM/WQ73oTQHU7mzZB9CaA3R2iwjDNz
wwlDtT9tfo0tCC2ib9STfeM6AYrdI3wauzCu7AV4CFGSMP3HLX8DJuk8zzbdQHHv
</code>

To remove the password from a RSA private key, use the following command:

<code bash>
umask 077
mv your.key old-with-pass.key
openssl rsa -in old-with-pass.key -out your.key
</code>

The **umask 077** command is necessary to ensure that the new key is not created with overly relaxed permissions.  Alternatively, you can manually change the mode of the file with **chmod 400 new.key**.  Depending on the location of the key, you might have to prefix the openssl, mv and chmod commands with sudo.