I just set up a secure server. Followed the godaddy instructions for key generation/installation - and the server wanted my pass phrase to start. When I started developing I followed instructions for a self signed cert and everything went dandy. Anyway - after a little googling and an uneasy feeling that I messed up and godaddy might charge me a fee to resubmit for a new cert, I found the following solution - openssl rsa -in secure.shastaherps.key.old -out secure.shastaherps.key After running that and entering my pass phrase, no pass phrase is required to start the server and it seems like the browsers don't complain, so I think I'm set, but I thought I'd verify that all really is well and that doing that isn't going to cause any issues. If I understand it correctly, the phrase was needed when Apache starts in order to decrypt the key, and all I did above was decrypt the key so that apache doesn't have to, correct?