有时候我们在生成证书的时候可以加入了密码保护。然后申请到证书安装到了web服务器。但是这样可能会带来麻烦。每次重启apache或者nginx的时候，都需要输入密码。那么SSL证书如何去除私钥密码保护。

生成钥匙server.key的同时生成证书请求文件server.csr

openssl req -new -newkey rsa:2048 -nodes -sha256 -out server.csr -keyout server.key

②设置安全密码（pass phrase）时，请记住它，因为此安全密码是用来保护私密私钥，你将需要私密私钥和证书才能启用SSL数字证书。】

然后提交上去的应该是

然后应该提交给ssl签发机构的是server.csr

How-To Remove The Password From a SSL Certificate Key File

openssl req -new -newkey rsa:2048 -nodes -keyout www.abc.com.key -out www.abc.com.csr
Generating a 2048 bit RSA private key
......................+++
.....................+++
writing new private key to 'www.abc.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) []:CN
State or Province Name (full name) []:ShanXi
Locality Name (eg, city) []:Xi'an
Organization Name (eg, company) []:snsyr
Organizational Unit Name (eg, section) []:devops
Common Name (eg, fully qualified host name) []:www.abc.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:123456

注意上面的

A challenge password []:123456

如此操作时候会生成2个文件：

会生成2个文件：

ll
total 8.0K
-rw-r--r-- 1 lex staff 1.1K Apr 11 09:49 www.abc.com.csr
-rw-r--r-- 1 lex staff 1.7K Apr 11 09:49 www.abc.com.key

尝试转换：

openssl rsa -in www.abc.com.key -out unencyred.www.abc.com.key
writing RSA key

我这里简单对比下文件：

sdiff www.abc.com.key unencyred.www.abc.com.key
-----BEGIN PRIVATE KEY-----                      |    -----BEGIN RSA PRIVATE KEY-----
MIIEvgIBADANBgkqhkiG9w0BAQEFAASCBKgwggSkAgEAAoIBAQDngV5qMRZfb |    MIIEpAIBAAKCAQEA54FeajEWX25h3W9lYELPafsG7uXJgsz0p6Q/xYx15kaIV
b2VgQs9p+wbu5cmCzPSnpD/FjHXmRohXLtFHknVLWyT1AF3Ar7E99RpVb9Kz9 |    R5J1S1sk9QBdwK+xPfUaVW/Ss/UWDoftynCZTXTixmSk88sCcnLf558P4wrN7
h+3KcJlNdOLGZKTzywJyct/nnw/jCs3tSgsdtMIZssV3Xs3xLzlvh9lja85yk |    HbTCGbLFd17N8S85b4fZY2vOcpIyiomXpKb5j85yehHW2Nj+HiqJHV85U6WZv
iZekpvmPznJ6EdbY2P4eKokdXzlTpZm/ephVRg/axBEIx8eXOKGJQr9eEdr1y |    VUYP2sQRCMfHlzihiUK/XhHa9cnWN8tc44+ExpglGqPIsaTSGTmlJyZVw5Ejp
y1zjj4TGmCUao8ixpNIZOaUnJlXDkSOm+/YPB2D4yVq9fkuT2qt3/anp8hbnb |    Dwdg+MlavX5Lk9qrd/2p6fIW527/XV8YUhU2odf9gaEp/xj3VUiLs2SbwNT80
XxhSFTah1/2BoSn/GPdVSIuzZJvA1PzTwVUiY54WGQqgagNvQvFKxqnA74YvC |    ImOeFhkKoGoDb0LxSsapwO+GLwjvHs2V9hTpiQIDAQABAoIBAGRrjZTqrhW/P
zZX2FOmJAgMBAAECggEAZGuNlOquFb8/3FnR06unZQVqwH4UpxRYm893ii2fh |    0dOrp2UFasB+FKcUWJvPd4otn4a/2axXtpghQ5fodWOBQSmwDGYfx8h/tRoym
rFe2mCFDl+h1Y4FBKbAMZh/HyH+1GjKZ2rvDviiRlzO4mu5VTxskeJiz3zj0H |    w74okZczuJruVU8bJHiYs9849B88NI9VqvS7z+Zt0ZIyIYsZPQTQHNAvl2HDY
j1Wq9LvP5m3RkjIhixk9BNAc0C+XYcNhAQ8mJFn5rxOSPLk4RN/7ewJgb8k6i |    JiRZ+a8Tkjy5OETf+3sCYG/JOoi5XVNkTGs6gnOQW31BL7YURau6lo0IiQ39i
U2RMazqCc5BbfUEvthRFq7qWjQiJDf2Io/FJZYxtx6aK56QzFRdgaV2xnkZla |    SWWMbcemiuekMxUXYGldsZ5GZWopiITnCenT6l+WRViD3sTnqzuIXbXCebemq
hOcJ6dPqX5ZFWIPexOerO4hdtcJ5t6apFwWP5yluecSc8c0Y8ftW7QwD9W3jM |    j+cpbnnEnPHNGPH7Vu0MA/Vt4zP6vWEcdAXl3PuBcK2RGE2kRrjnhX8/Wx7Rx
YRx0BeXc+4FwrZEYTaRGuOeFfz9bHtHHU/g6jojA8QKBgQD9kjdml+5ODPOv5 |    Oo6IwPECgYEA/ZI3ZpfuTgzzr+fB9OCXMGIJgb3E7We7lBTPCMjFTae9G5wSv
4JcwYgmBvcTtZ7uUFM8IyMVNp70bnBK+AZv/ZsjsVsgferY/mO97YHNW3pvkx |    /2bI7FbIH3q2P5jve2BzVt6b5MX3010pAueN2mDDdswZ9cMN1AbSLRaRsKVN7
XSkC543aYMN2zBn1ww3UBtItFpGwpU3skEcnbCr7SFPEzMD2WdplfCIk9WDcz |    J2wq+0hTxMzA9lnaZXwiJPVg3MxAqzBXrmuNRiIghSz6VVkTeYiIwfcCgYEA6
MFeua41GIiCFLPpVWRN5iIjB9wKBgQDpuQtvjjy57sikub61lERUlrSp30Xrz |    b448ue7IpLm+tZREVJa0qd9F682b8MnRF2uIOzCu2kBd3h5Fpg9/yawF2xMoT
ydEXa4g7MK7aQF3eHkWmD3/JrAXbEyhPvDaiXnzN4UJFvvYtNhh/Jb8nQ3Gzb |    ol58zeFCRb72LTYYfyW/J0Nxs25I5E5clkVXqZd+bqmW5fuM5Wlb8XIATOeiL
TlyWRVepl35uqZbl+4zlaVvxcgBM56Iv7/90wuAVOtAPJeB1Lo9w3CRnRQBCV |    dMLgFTrQDyXgdS6PcNwkZ0UAQlSJYFblGN980H8CgYEAqcr65eveWs05cBSUP
VuUY33zQfwKBgQCpyvrl695azTlwFJQ/0RPsBfmvss7m2Ys1gSmRDD9x3Fw43 |    7AX5r7LO5tmLNYEpkQw/cdxcONytgCW7u62r5PXHU6zr1HIoCklvcj/ly670X
Jbu7ravk9cdTrOvUcigKSW9yP+XLrvRfyAXqN/s4u4qnRcwsUMw1qcua/X3Y9 |    6jf7OLuKp0XMLFDMNanLmv192PcX0sxZmQBJV7H6xdEFdPB92W7hvjXBApiSx
zFmZAElXsfrF0QV08H3ZbuG+NcECmJLFDr3nwYT77WYxRwjplZgAzXglyQKBg |    58GE++1mMUcI6ZWYAM14JckCgYAdZZPlpRtIO5tq9J3jEtIBXa89ioKt5P+PK
k+WlG0g7m2r0neMS0gFdrz2Kgq3k/48qoyzx7oGbXvK+k8/jONlpK6Z/B4GFi |    8e6Bm17yvpPP4zjZaSumfweBhYhVdxPcGkxSTNncEee+ygYMv/+p/Zaofd+XL
E9waTFJM2dwR577KBgy//6n9lqh935cvr/+KmzsOfe2HUR5+JDuao+DbeOQzY |    ips7Dn3th1EefiQ7mqPg23jkM2I361TTJ8utf+c5cIcp1gBerqG5h3k/3ogk4
VNMny61/5zlwhynWAF6uobmHeT/eiCTg6RHW0kkbAoGBAIbhOhxLsm0+qoQBa |    1tJJGwKBgQCG4TocS7JtPqqEAWvzPvEewyEoorefhJFrxvmok6DOZM5dGpI82
8R7DISiit5+EkWvG+aiToM5kzl0akjzZydnz5k/+uTOhQZJS0ZudGF52smzWm |    8+ZP/rkzoUGSUtGbnRhedrJs1pl98CFqmYjMFUFDVo8+NSyGBiXiAuyy1Dh8U
IWqZiMwVQUNWjz41LIYGJeIC7LLUOHxQB7UX/Hr9Zm0aOHyeiNEo1HU3v1BDh |    F/x6/WZtGjh8nojRKNR1N79QQ4fGf45ff2aNqR2PquUr2s/pA0Y/Fw==
jl9/Zo2pHY+q5Svaz+kDRj8X                      |    -----END RSA PRIVATE KEY-----
-----END PRIVATE KEY-----                      <

可以看到大致的区别，其实到这里我也不知道是否生效了。为了测试是否变化

我再次将没有加密地进行解密看看

为了测试是不是有所变化：再次

openssl rsa -in unencyred.www.abc.com.key -out test.key
writing RSA key
这次对比unencyred.www.abc.com.key  test.key

发现没有任何变化：
diff test.key unencyred.www.abc.com.key

how-to-remove-private-key-password-from-pkcs12-container

https://serverfault.com/questions/515833/how-to-remove-private-key-password-from-pkcs12-container

上面只是一个方法，有待验证 哈