Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Apache w/ Mod_SSL and password protected keys.

Posted on 2004-04-05
2
Medium Priority
?
337 Views
Last Modified: 2010-03-04
I recently renewed my SSL keys and was prompted to put a password on them when generating the certificate request (I think it was at that point).

Anyway, every time I start up my apache, it makes me put in that password before apache will start up.

eg:

     # /usr/local/apache/bin/apachectl startssl
     Apache/1.3.29 mod_ssl/2.8.16 (Pass Phrase Dialog)
     Some of your private key files are encrypted for security reasons.
     In order to read them you have to provide us with the pass phrases.

     Server xxx.xxx.com:443 (RSA)

This is a problem, since when I reboot my server, apache will not start up until I go in via ssh and manually restart it and manually type in the password.

Is there a way to automate this process so that when I reboot my server, my apache WILL automatically start up without my intervention (typing in that password)?

Here's the setup of my apache from server-status:  
Apache/1.3.29 (Unix) PHP/4.3.4 mod_ssl/2.8.16 OpenSSL/0.9.7c
I'm on FreeBSD 4.9 STABLE

Thanks.
0
Comment
Question by:jcoman777
2 Comments
 
LVL 1

Author Comment

by:jcoman777
ID: 10777330
To get rid of the pass-phrase dialog at Apache startup time:
 
 Remove the encryption from the RSA private key (while preserving the original file):
   
 $ cp server.domain.tld.key server.domain.tld.key.orig
 $ openssl rsa -in server.domain.tld.key.orig -out server.domain.tld.key
 Enter PEM pass phrase: YOUR_PASSWORD_HERE
 
 Make sure the server.key file is now only readable by root:  
 
 $ chmod 400 server.domain.tld.key  
0
 
LVL 2

Accepted Solution

by:
Lunchy earned 0 total points
ID: 10778845
Closed, 250 points refunded.
Lunchy
Friendly Neighbourhood Community Support Admin
0

Featured Post

[Webinar] Database Backup and Recovery

Does your company store data on premises, off site, in the cloud, or a combination of these? If you answered “yes”, you need a data backup recovery plan that fits each and every platform. Watch now as as Percona teaches us how to build agile data backup recovery plan.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In my time as an SEO for the last 2 years and in the questions I have assisted with on here I have always seen the need to redirect from non-www urls to their www versions. For instance redirecting http://domain.com (http://domain.com) to http…
If you are a web developer, you would be aware of the <iframe> tag in HTML. The <iframe> stands for inline frame and is used to embed another document within the current HTML document. The embedded document could be even another website.
This Micro Tutorial will teach you how to add a cinematic look to any film or video out there. There are very few simple steps that you will follow to do so. This will be demonstrated using Adobe Premiere Pro CS6.
As many of you are aware about Scanpst.exe utility which is owned by Microsoft itself to repair inaccessible or damaged PST files, but the question is do you really think Scanpst.exe is capable to repair all sorts of PST related corruption issues?
Suggested Courses
Course of the Month13 days, 15 hours left to enroll

580 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question