As explained in Apache and SSL Certificates, passphrase encryption requires an administrator's intervention whenever the service is started.
As such, the current standard for Web Servers, is to not use password encryption and instead rely on the file system to protect the keys.
Having said that, in some cases the administrator may want to use password encryption.
Generating Server Private Key with Password Encryption
The openssl command reads,
- genrsa - generate asymmetric keys
- aes266- - protect the RSA key with a passphrase using CBC AES 256 symmetric key encyrption
- 2048 - make the RSA private key 2048 bit
Removing Password Encryption
To remove the password from the key file,