jcoman777
asked on
Apache w/ Mod_SSL and password protected keys.
I recently renewed my SSL keys and was prompted to put a password on them when generating the certificate request (I think it was at that point).
Anyway, every time I start up my apache, it makes me put in that password before apache will start up.
eg:
# /usr/local/apache/bin/apachectl startssl
Apache/1.3.29 mod_ssl/2.8.16 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.
Server xxx.xxx.com:443 (RSA)
This is a problem, since when I reboot my server, apache will not start up until I go in via ssh and manually restart it and manually type in the password.
Is there a way to automate this process so that when I reboot my server, my apache WILL automatically start up without my intervention (typing in that password)?
Here's the setup of my apache from server-status:
Apache/1.3.29 (Unix) PHP/4.3.4 mod_ssl/2.8.16 OpenSSL/0.9.7c
I'm on FreeBSD 4.9 STABLE
Thanks.
ASKER
Remove the encryption from the RSA private key (while preserving the original file):
$ cp server.domain.tld.key server.domain.tld.key.orig
$ openssl rsa -in server.domain.tld.key.orig -out server.domain.tld.key
Enter PEM pass phrase: YOUR_PASSWORD_HERE
Make sure the server.key file is now only readable by root:
$ chmod 400 server.domain.tld.key
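A check to run once the pass phrase has been removed, added here as an example and not part of the original post: it reports whether a PEM key file is still encrypted and fails if an unencrypted key is readable by anyone but its owner or is owned by the wrong account. The function names and the sample files in the demo are constructed for illustration; the owner defaults to root as in the steps above.

```shell
# Added example (not from the thread); names and sample files are constructed.

# key_state FILE: print "encrypted", "plaintext" or "not-a-key".
key_state() {
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' \
               -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted
    elif grep -q -e '^-----BEGIN [A-Z ]*PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo not-a-key
    fi
}

# audit_key FILE [OWNER]: OWNER defaults to root, as in the thread. Returns
# 0 if acceptable, 1 if a plaintext key is exposed, 2 if FILE is not a key.
audit_key() {
    ak_state=$(key_state "$1")
    ak_perms=$(ls -ld "$1" | cut -c2-10)        # e.g. r--------
    ak_owner=$(ls -ld "$1" | awk '{print $3}')
    case "$ak_state" in
        not-a-key) echo "$1: no PEM private key"; return 2 ;;
        encrypted) echo "$1: encrypted, server will prompt at start"; return 0 ;;
    esac
    case "$ak_perms" in
        r--------|rw-------) ;;
        *) echo "$1: FAIL plaintext key with mode $ak_perms"; return 1 ;;
    esac
    if [ "$ak_owner" != "${2:-root}" ]; then
        echo "$1: FAIL plaintext key owned by $ak_owner"; return 1
    fi
    echo "$1: OK plaintext key, owner-only ($ak_perms $ak_owner)"
}

# Demo on constructed files that hold PEM headers only, no key material.
demo_audit() {
    d=$(mktemp -d) || return 1
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        > "$d/server.domain.tld.key.orig"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' > "$d/server.domain.tld.key"
    chmod 644 "$d/server.domain.tld.key"
    me=$(ls -ld "$d" | awk '{print $3}')
    audit_key "$d/server.domain.tld.key.orig" "$me"
    audit_key "$d/server.domain.tld.key" "$me" || :   # FAIL: mode rw-r--r--
    chmod 400 "$d/server.domain.tld.key"
    audit_key "$d/server.domain.tld.key" "$me"        # OK
    rm -rf "$d"
}
demo_audit
```

On a real server, call audit_key with the path of the key named in the SSLCertificateKeyFile directive and omit the second argument so that root ownership is required.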