Possible Duplicate:
stop apache from asking for SSL password each restart
When I created my SSL certificate I used a pass phrase in the key. Whenever I restart my web server (Apache or Nginx) they ask for a password:
Apache:
Some of your private key files are encrypted for security reasons. In order to read them you have to provide the pass phrases.
Server www.example:443 (RSA)
Enter pass phrase:
Nginx:
Starting nginx: Enter PEM pass phrase:
Entering the password each time is fast getting annoying and I'm worried about downtime when the machine is next rebooted.
Is there a way to automatically provide the PEM pass phrase when the webserver is restarted? or do I have to get the SSL certificate re-issued using a key where the pass phrase has been removed?
If I remove the pass phrase, what are the security implications? Is it anything to worry about?
See Warner's Answer to almost the exact same question a day or two ago.
Answering each question in turn:
Apache has the SSLPassPhraseDialog to automatically answer the SSL pass phrase question.
The pass prase can be removed from the key without needing to get the certificate re-issued. The key is your secret and you can do anything you want with it including making it unsecure:
Yes, if the private key is no longer encrypted, it is critical that this file only be readable by the root user. If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked immediately or the attack could put up a website pretending to be yours.