How to Fix an Encrypted SSL Private Key

If your SSL key is encrypted, you'll first need to decrypt it before using it to secure your app with HTTPS.

Most SSL keys are not encrypted. You only need this tutorial if you're having a problem due to an encrypted key.

Identifying Encrypted Keys

You'll know your SSL key is encrypted if you get the following message in ServerPilot when entering your key:

Key cannot be encrypted (password protected)

You can also tell a key is encrypted if you look at the key and either

  1. the first line says BEGIN ENCRYPTED PRIVATE KEY; or
  2. one of the next lines says Proc-Type: 4,ENCRYPTED

If your key is encrypted, you'll need to decrypt it before using it.

Fixing Encrypted Keys

To decrypt an SSL private key, run the following command. Replace ssl.key.encrypted with the filename of your encrypted SSL private key.

openssl rsa -in ssl.key.encrypted -out ssl.key.decrypted

The command above will prompt you for the encryption password. The command will then place the decrypted key in the file ssl.key.decrypted. You can then enter the decrypted key and your SSL certificate in ServerPilot to enable HTTPS for your website.