On a web server there isn't much reason to keep the certificate protected by a password since it is already protected by the root password and anyone gaining access to root can quickly circumvent the certificate anyway. But having a server that cannot reboot successfully is a major downside to forcing a password.
I though TinyCA looked like a nice gui app to a few of my server certificates but it has ended up being useless.

