From time to time I have to generate my own SSL certificates for development purposes in Apache, and I keep on forgetting on how to do it without apache prompting me for a password everytime I boot and/or run apachectl. Here is a down and dirty quick how-to.

Step 1: Generate Private Key

openssl genrsa -des3 -out server.key 1024

Step 2: Generate CSR

openssl req -new -key server.key -out server.csr

Step 3: Remove Passphrase

cp server.key server.key.org
openssl rsa -in server.key.org -out server.key

Step 4: Sign the Certificate

openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

After that, copy your newly generated keys to wherever your server stores your keys (in my case /etc/apache2/ssl/)

I hope this reference saves some time for some people

Brennan

7 Responses to “Apache SSL Certificate Without Passphrase”

1. Steve Says:
   January 21st, 2009 at 12:39 pm

   I’ve got this bookmarked and use it all the time. Thanks for the resource.

2. Randy Says:
   March 30th, 2009 at 10:21 am

   You can simply omit the -des3 option to bypass the passphase generating the private key.

   Regards
   Randy

3. Johan Says:
   April 3rd, 2009 at 5:23 pm

   You just saved my time Thanks to you and Google

4. wayne Says:
   June 23rd, 2009 at 3:47 am

   thanks for this – very helpful indeed.

5. David Says:
   August 11th, 2009 at 3:21 am

   Good stuff, and very useful i mean come on, the passphrase has got to be the biggest pain in the butt. Dont find out the hard way after you reboot a remote server via putty and it doesnt come back up because of this passphrase bull crap!!

6. Markitoxs Says:
   September 9th, 2009 at 2:51 am

   This is great, thank you for this snippet, much appreciated.

7. Sofiane HASSINE Says:
   November 23rd, 2009 at 7:18 am

   Thank you, this was very useful for me.
   much appreciate

Leave a Comment