Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Bypass password for SSL at apache boot up or automate it?

Posted on 2006-04-04
3
Medium Priority
?
1,347 Views
Last Modified: 2013-12-16
Hi,

I am using a Red Hat linux and I am hosting a website using SSL. When I created the key, I enabled the password protection. However, when I restart apache, its asking me the password. I would usually doesn't mind, however, we need to reboot sometime apache by a script and it doesn't restart because of this. Also, if I reboot the server, I need to go and start apache with the password. Is there a way to bypass this or make that kind of thing auto?

Thanks
Eric
0
Comment
Question by:e_poirier
1 Comment
 
LVL 3

Accepted Solution

by:
sheetbird earned 200 total points
ID: 16371266
From http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#removepassphrase

How can I get rid of the pass-phrase dialog at Apache startup time?

The reason this dialog pops up at startup and every re-start is that the RSA private key inside your server.key file is stored in encrypted format for security reasons. The pass-phrase is needed decrypt this file, so it can be read and parsed. Removing the pass-phrase removes a layer of security from your server - proceed with caution!

   1. Remove the encryption from the RSA private key (while keeping a backup copy of the original file):

      $ cp server.key server.key.org
      $ openssl rsa -in server.key.org -out server.key

   2. Make sure the server.key file is only readable by root:

      $ chmod 400 server.key

Now server.key contains an unencrypted copy of the key. If you point your server at this file, it will not prompt you for a pass-phrase. HOWEVER, if anyone gets this key they will be able to impersonate you on the net. PLEASE make sure that the permissions on this file are such that only root or the web server user can read it (preferably get your web server to start as root but run as another user, and have the key readable only by root).

As an alternative approach you can use the ``SSLPassPhraseDialog exec:/path/to/program'' facility. Bear in mind that this is neither more nor less secure, of course.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How many times have you wanted to quickly do the same thing to a list but found yourself typing it again and again? I first figured out a small time saver with the up arrow to recall the last command but that can only get you so far if you have a bi…
This article will show you step-by-step instructions to build your own NTP CentOS server.  The network diagram shows the best practice to setup the NTP server farm for redundancy.  This article also serves as your NTP server documentation.
Connecting to an Amazon Linux EC2 Instance from Windows Using PuTTY.
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month11 days, 13 hours left to enroll

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question