How to Remove a Passphrase From Certificate Key

If you have a Certificate Key that includes a Passphrase and you need to remove it, potentially to use it with AWS App Mesh, then you can do the following:

How to Remove a Passphrase using OpenSSL

  1. Locate the Private Key
  2. Run the following command:
    open ssl rsa -in <original.key> -out <new.key>
  3. Enter the original passphrase for the existing key
  4. The output file <new.key> will now be unencrypted

How to Verify if the Passphrase has been removed

Open the file in a text editor and check the headers.

Encrypted headers example

-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED DEK-Info: DES-EDE3-CBC,

ABC407785DD18XXX...
-----END RSA PRIVATE KEY-----

Unencrypted headers example

-----BEGIN RSA PRIVATE KEY-----
ABC407785DD18XXX...
-----END RSA PRIVATE KEY-----