When installing a SSL certificate with a private key that is encrypted with a passphrase, you must decrypt the private key first. You can identify whether a private key is encrypted or not by opening the private key (.key or .pem file) using a text editor or command line. You should see the text ENCRYPTED if the private key is encrypted.
$ cat encrypted_private.key -----BEGIN ENCRYPTED PRIVATE KEY----- ...
Note: If the private key within the .pem file, you can simply copy the text between and including the -----BEGIN ENCRYPTED PRIVATE KEY----- and -----END ENCRYPTED PRIVATE KEY----- and save it into a new file.
To decrypt the private key from the terminal:
- Open terminal
- Run the open ssl command to decrypt the file
$ openssl rsa -in <encrypted_private.key> -out <decrypted_private.key> Enter pass phrase for encrypted_private.key: <enter the password> writing RSA key
- Once the private key has been decrypted, open the file and you should not see the text ENCRYPTED anymore.
$ cat decrypted_private.key -----BEGIN RSA PRIVATE KEY----- ...