A certificate with a password or passphrase is often a security benefit, but because the web server component must be restarted when OpenAthens LA publishes changes to the runtime from the administration console, it is a hindrance in this situation. Keeping the password on the certificate would mean that every time the library made a change and published it, the IT team would need to manually restart Apache on each runtime and enter the password when prompted.
How to remove a password from a certificate
Examples assume you are in the same directory as the certificate
Backup the certificate (optional)
sudo cp -p idp.yourdomain.com.key idp.yourdomain.com.key.backup
Remove the password - you will be prompted for the password during the process
sudo openssl rsa -in idp.yourdomain.com.key -out idp.yourdomain.com.key.tmp sudo mv idp.yourdomain.com.key.tmp idp.yourdomain.com.key
Check ownership, permissions and security context
>ls -Z -rw-------. root root system_u:object_r:cert_t:s0 idp.yourdomain.com.key ...
Use the following commands to set things as required should they differ.
sudo chmod 600 idp.yourdomain.com.key sudo chown root:root idp.yourdomain.com.key sudo chcon -u system_u -r object_r -t cert_t idp.yourdomain.com.key