Master lock, “r00t” password (Photo credit: Schill)
Once or twice a year (3rd time this year for me) you may need to update your SSL certificates, on your Linux servers, for a secure website, a secure email service, VPN or proxy service.
Whatever your need, the OpenSSL commands don’t always spring to mind so here are the ones you will need when certificate renewal time comes!
# View details of your current certificate openssl x509 -in <certificate filename>.crt -noout -text # Extract the key from your bundled cert / key (you'll need to enter your passphrase) openssl pkcs12 -in <path to bundle>.pfx -nocerts -out <key name>.key # Extract the cert from your bundled cert / key (you'll need to enter your passphrase) openssl pkcs12 -in <path to bundle>.pfx -clcerts -nokeys -out <cert name>.crt # Remove the passphrase from your key (so that you won't be prompted for the passphrase whenever you restart Apache etc) openssl rsa -in <key name>.key -out <key name>.key
And that should keep you going for another year or 10 
Related articles
well my benefit is that the power is going out over the wneeekd and i want it to be down for as little as possible. after that wneeekd i removed the script. basically its laziness. but i have doubts as to how important the password is anyway. so the only thing its protecting is apache right? but if you’re restarting apache you’re probably on the server, at which point i’m screwed. so yeah i don’t know what the point of that password is, unless there is something i’m unaware of with the SSL cert and the company that provides it. i don’t get ssl anyway so i’m the wrong person to ask about such things.
Pingback: handy