Sean’s Obsessions

Sean Walberg’s blog

RedHat/Fedora SSL Keys - Removing Password

Every year I have to remember how to generate new SSL keys and remove the password.

Generate keys:

[root@sergeant conf]# cd /etc/httpd/conf
[root@sergeant conf]# make server.crt
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > server.key
Generating RSA private key, 1024 bit long modulus
……………….++++++
……………………………++++++
e is 65537 (0x10001)
Enter pass phrase:
Verifying - Enter pass phrase:
umask 77 ; \
/usr/bin/openssl req -new -key server.key -x509 -days 365 -out server.crt
Enter pass phrase for server.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:CA
State or Province Name (full name) [Berkshire]:Manitoba
Locality Name (eg, city) [Newbury]:Winnipeg
Organization Name (eg, company) [My Company Ltd]:ERTW
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:ertw.com
Email Address []:sean@ertw.com

Then copy the keys into the appropriate directories (back up the old ones first!)

[root@sergeant conf]# cp server.crt ssl.crt/
cp: overwrite `ssl.crt/server.crt'? y
[root@sergeant conf]# cp server.key ssl.key/server.key.pass
cp: overwrite `ssl.key/server.key.pass'? y

Then remove the password:
[root@sergeant ssl.key]# openssl rsa -in server.key.pass -out server.key
Enter pass phrase for server.key.pass:
writing RSA key

This assumes your /etc/httpd/conf.d/ssl.conf points to keys named “server”.
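
Once the password is removed, file permissions are the only thing protecting server.key. The following is an added example, not part of the original post: it wraps the same openssl rsa step so the output is created mode 0600, then checks that the key is unencrypted, private, and matches the certificate. The function names are made up for this sketch.

```shell
#!/bin/sh
# Added example; function names are illustrative, not from the original post.

# True if the PEM file still holds a passphrase-protected key. Matches both
# "Proc-Type: 4,ENCRYPTED" and "BEGIN ENCRYPTED PRIVATE KEY" encodings.
key_is_encrypted() {
    grep -q 'ENCRYPTED' "$1"
}

# strip_passphrase IN OUT [PASSIN]
# The post's "openssl rsa -in ... -out ..." step, run in a subshell with
# umask 077 so the unprotected key is created mode 0600. PASSIN is an
# optional openssl pass phrase source such as file:/path; without it
# openssl prompts, as in the post.
strip_passphrase() (
    umask 077
    rm -f "$2"   # an existing file would keep its old, possibly wider, mode
    if [ -n "${3:-}" ]; then
        openssl rsa -in "$1" -out "$2" -passin "$3" 2>/dev/null
    else
        openssl rsa -in "$1" -out "$2"
    fi
)

# key_matches_cert KEY CERT: compare the RSA modulus of key and certificate.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# check_deployed_key KEY CERT: run before restarting httpd.
check_deployed_key() {
    if key_is_encrypted "$1"; then
        echo "$1: still passphrase-protected" >&2; return 1
    fi
    if [ -z "$(find "$1" -perm 600)" ]; then
        echo "$1: mode is not 0600" >&2; return 1
    fi
    if ! key_matches_cert "$1" "$2"; then
        echo "$1: does not match $2" >&2; return 1
    fi
    echo "$1: ok"
}
```

From /etc/httpd/conf this would be strip_passphrase ssl.key/server.key.pass ssl.key/server.key followed by check_deployed_key ssl.key/server.key ssl.crt/server.crt.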
