Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
need too enter phrase for SSL every bootup
- Thread starter yiutin03
- Start date
Here is a snip from a site (saves me re-writing it) that may help: .....
PLEASE BACKUP YOUR KEYS FIRST BEFORE DOING ANYTHING LISTED BELOW, I take no responsibility :¬)
Laurie.
<START SNIP>
Question:
How can I get rid of the pass-phrase dialog at Apache startup time?
Answer:
The reason why this dialog pops up at startup and every re-start is that the RSA private key inside your
server.key file is stored in encrypted format for security reasons. The pass-phrase is needed to be able to
read and parse this file. When you can be sure that your server is secure enough you perform two steps:
1.Remove the encryption from the RSA private key (while preserving the original file):
$ cp server.key server.key.org
$ openssl rsa -in server.key.org -out server.key
2.Make sure the server.key file is now only readable by root:
$ chmod 400 server.key
Now server.key will contain an unencrypted copy of the key. If you point your server at this file it will
not prompt you for a pass-phrase. HOWEVER, if anyone gets this key they will be able to impersonate
you on the net. PLEASE make sure that the permissions on that file are really such that only root or the
web server user can read it (preferably get your web server to start as root but run as another server, and
have the key readable only by root).
As an alternative approach you can use the ``SSLPassPhraseDialog
exec:/path/to/program'' facility. But keep in mind that this is neither more nor less secure, of
course.
<END SNIP>
Good Luck.
Laurie.
PLEASE BACKUP YOUR KEYS FIRST BEFORE DOING ANYTHING LISTED BELOW, I take no responsibility :¬)
Laurie.
<START SNIP>
Question:
How can I get rid of the pass-phrase dialog at Apache startup time?
Answer:
The reason why this dialog pops up at startup and every re-start is that the RSA private key inside your
server.key file is stored in encrypted format for security reasons. The pass-phrase is needed to be able to
read and parse this file. When you can be sure that your server is secure enough you perform two steps:
1.Remove the encryption from the RSA private key (while preserving the original file):
$ cp server.key server.key.org
$ openssl rsa -in server.key.org -out server.key
2.Make sure the server.key file is now only readable by root:
$ chmod 400 server.key
Now server.key will contain an unencrypted copy of the key. If you point your server at this file it will
not prompt you for a pass-phrase. HOWEVER, if anyone gets this key they will be able to impersonate
you on the net. PLEASE make sure that the permissions on that file are really such that only root or the
web server user can read it (preferably get your web server to start as root but run as another server, and
have the key readable only by root).
As an alternative approach you can use the ``SSLPassPhraseDialog
exec:/path/to/program'' facility. But keep in mind that this is neither more nor less secure, of
course.
<END SNIP>
Good Luck.
Laurie.
- Status
Similar threads
- Locked
- Question