remove ssl ssh passphrase

How to Remove SSL Certificate & SSH Passphrase in Linux

SSL certificates secure data transmission to and from websites and applications by encrypting all data. While creating SSL certificates, administrators often use an additional passphrase to add extra level of security. But using passphrase can hinder automated reading of certificates in most cases unless your site has been programmed to automatically supply passphrases. So often website administrators need to remove SSL certificate and SSH passphrase. In this article, we will learn how to do this.

How to Remove SSL Certificate & SSH Passphrase in Linux

We will learn how to remove passphrase from SSL certificate and SSH passphrase separately. SSH keys are used to encrypt/decrypt SSL keys. They both can have same or different passphrases but require different tools and commands for passphrase removal.

Remove Passphrase from SSL certificate

Let us say you have an SSL certificate private.pem. You can view its contents using any document reader or editor.

$ cat private.pem

Whenever any application or server tries to read the certificate it will be prompted to enter passphrase.

$ openssl rsa -in private.pem -outform PEM -pubout -out public.pem
Enter pass phrase for private.pem:

You can easily remove the passphrase by copying the private key to a new file, using openssl tool.

$ openssl rsa -in private.pem -out private_new.pem 
$ cat private_new.pem 

Now when any application tries to access the new key file, it will not be asked to enter passphrase.

Remove Passphrase from SSH Private Key

Generally, when we generate an SSH key pair (public+private) we are asked to enter a passphrase. If we leave it empty and hit enter, then no passphrase is set.

On the other hand, if you try to use a key that has a pass phrase, as shown below, the SSH client will ask for the pass phrase before proceeding further.

$ ssh -i .ssh/user user@
Enter password:

To remove the pass phrase, you can use ssh-keygen command with -p option which prompts you to enter existing pass phrase and use -f option to specify the SSH key file. Replace .ssh/user with file path of your SSH key.

$ ssh-keygen -p -f .ssh/user

You will be asked for old password and then the new password. Enter the old password, and leave the new password empty.

Now when you try accessing SSH key, you will not be asked for passphrase.

In this article, we have learnt how to remove passphrase from SSL certificates as well as SSH keys. You need to use openssl to remove passphrase from SSL certificates and ssh-keygen to remove passphrase from SSH keys. Both these tools are available by default in most Linux distributions.

Also read:

How to Capture Linux Signal in Python
How to Send Signal from Python
How to Clear Canvas for Redrawing in JavaScript
How to Use Decimal Step Value for Range in Python
How to Get Browser Viewport Dimension in JS

Leave a Reply

Your email address will not be published. Required fields are marked *