Certificates - Remove the password from a RSA private key

To test whether the SSL certificate is password-protected, examine the beginning of the keyfile using the command:

head -3 your.key

Result:

This private key is encrypted:

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,C251E8A1254B933D763703EE1C364AB7

This file is not encrypted:

-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvbeWtO9nQP4cFFuhGrOM/WQ73oTQHU7mzZB9CaA3R2iwjDNz
wwlDtT9tfo0tCC2ib9STfeM6AYrdI3wauzCu7AV4CFGSMP3HLX8DJuk8zzbdQHHv

To remove the password from a RSA private key, use the following command:

umask 077
mv your.key old-with-pass.key
openssl rsa -in old-with-pass.key -out your.key

The umask 077 command is necessary to ensure that the new key is not created with overly relaxed permissions. Alternatively, you can manually change the mode of the file with chmod 400 new.key. Depending on the location of the key, you might have to prefix the openssl, mv and chmod commands with sudo.