Bypass password for SSL at apache boot up or automate it?

Posted on 2006-04-04
Last Modified: 2013-12-16

I am using Red Hat Linux and I am hosting a website using SSL. When I created the key, I enabled the password protection. However, when I restart Apache, it asks me for the password. I usually wouldn't mind; however, we sometimes need to reboot Apache by a script and it doesn't restart because of this. Also, if I reboot the server, I need to go and start Apache with the password. Is there a way to bypass this or make that kind of thing automatic?

Question by:e_poirier

    Accepted Solution


    How can I get rid of the pass-phrase dialog at Apache startup time?

    The reason this dialog pops up at startup and every re-start is that the RSA private key inside your server.key file is stored in encrypted format for security reasons. The pass-phrase is needed to decrypt this file, so it can be read and parsed. Removing the pass-phrase removes a layer of security from your server - proceed with caution!

       1. Remove the encryption from the RSA private key (while keeping a backup copy of the original file):

          $ cp server.key server.key.org
          $ openssl rsa -in server.key.org -out server.key

       2. Make sure the server.key file is only readable by root:

          $ chmod 400 server.key

    Now server.key contains an unencrypted copy of the key. If you point your server at this file, it will not prompt you for a pass-phrase. HOWEVER, if anyone gets this key they will be able to impersonate you on the net. PLEASE make sure that the permissions on this file are such that only root or the web server user can read it (preferably get your web server to start as root but run as another user, and have the key readable only by root).

    As an alternative approach you can use the "SSLPassPhraseDialog exec:/path/to/program" facility. Bear in mind that this is neither more nor less secure, of course.
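
As an added example (not part of the original answer or the FAQ text it quotes), this shell script checks the two conditions the answer depends on: whether a PEM key file is still pass-phrase protected and whether only its owner can access it. The function names, file names and sample PEM contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a PEM private key file before pointing Apache at it.

# key_state FILE: print "encrypted", "plaintext" or "unknown" from the PEM
# headers. Traditional encrypted keys carry "Proc-Type: 4,ENCRYPTED";
# PKCS#8 ones use "BEGIN ENCRYPTED PRIVATE KEY".
key_state() {
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' -e 'BEGIN ENCRYPTED PRIVATE KEY' "$1"; then
        echo encrypted
    elif grep -q -e '-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo unknown
    fi
}

# owner_only FILE: succeed when group and other have no permission bits
# (characters 5-10 of the ls mode string), as after "chmod 400".
owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# audit_key FILE: print "<state> <perms>"; return 0 when the key allows an
# unattended restart and is owner-only, 2 when Apache would still prompt,
# 1 for anything else (plaintext key accessible to others, or not a key).
audit_key() {
    state=$(key_state "$1")
    if owner_only "$1"; then perms=owner-only; else perms=exposed; fi
    echo "$state $perms"
    case "$state $perms" in
        "plaintext owner-only") return 0 ;;
        encrypted*) return 2 ;;
        *) return 1 ;;
    esac
}

# write_samples DIR: constructed PEM shells with placeholder bodies (not real keys).
write_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/encrypted.key"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/plain.key"
    cp "$1/plain.key" "$1/plain-loose.key"
    chmod 400 "$1/encrypted.key" "$1/plain.key"
    chmod 644 "$1/plain-loose.key"
}

demo=$(mktemp -d)
write_samples "$demo"
for f in "$demo"/*.key; do audit_key "$f" || true; done
rm -rf "$demo"
```

A return code of 1 for a plaintext key is the case the answer warns about: the key no longer prompts, and other accounts on the host can read it.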
