A certificate with a password or passphrase is often a security benefit, but because the web server component must be restarted when OpenAthens LA publishes changes to the runtime from the administration console, it is a hindrance in this situation. Keeping the password on the certificate would mean that every time the library made a change and published it, the IT team would need to manually restart Apache on each runtime and enter the password when prompted.
Examples assume you are in the same directory as the certificate
Backup the certificate (optional)
sudo cp -p idp.yourdomain.com.key idp.yourdomain.com.key.backup
Remove the password - you will be prompted for the password during the process
sudo openssl rsa -in idp.yourdomain.com.key -out idp.yourdomain.com.key.tmp sudo mv idp.yourdomain.com.key.tmp idp.yourdomain.com.key
Check ownership, permissions and security context
>ls -Z -rw-------. root root system_u:object_r:cert_t:s0 idp.yourdomain.com.key ...
Use the following commands to set things as required should they differ.
sudo chmod 600 idp.yourdomain.com.key sudo chown root:root idp.yourdomain.com.key sudo chcon -u system_u -r object_r -t cert_t idp.yourdomain.com.key