SSL Passphrase in Mac OS X Server

Here’s a one-liner (spread across two lines for the 80 column internet) for mining Mac OS  X Server’s SSL passphrase out of Keychain:

security dump-keychain -d /Library/Keychains/System.keychain | \
grep '"svce"<blob>="Mac OS X Server certificate management"' -A 3 | tail -n 1

Typically this is most useful right before you say something like the following, which writes out a decrypted version of the private key (after you supply the passphrase, of course :)

openssl rsa -in key.pem -out decrypted-key.pem