httpd-docs mailing list archives

From Apache Wiki <wikidi...@apache.org>
Subject [Httpd Wiki] Update of "RemoveSSLCertPassPhrase" by TimBannister
Date Sat, 13 Oct 2012 17:37:25 GMT
Dear Wiki user,

You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.

The "RemoveSSLCertPassPhrase" page has been changed by TimBannister:
http://wiki.apache.org/httpd/RemoveSSLCertPassPhrase?action=diff&rev1=4&rev2=5

Comment:
Changed security warning into a Moin admonition

  ## page was renamed from Info/RemoveSSLCertPassPhrase
- = Remove SSL Certificate Passphrase =
+ = Remove SSL certificate passphrase =
  
- A lot of people ask how they can remove the passphrase requirements from an SSL key so that
Apache can be (re)started without the need to re-enter the key's passphrase.
+ A lot of people ask how they can remove the passphrase requirements from a private key so
that Apache can be (re)started without the need to re-enter the key's passphrase.
  
- There are two main options, but before we get to those you need to be aware of the risks
associated with doing this.
+ {{{#!wiki caution
+ '''Security warning'''
+ 
- Once you remove the requirement for the passphrase, the certificate can be easily copied
and used elsewhere, thus raising the risk of it being abused.  If you *must* remove the passphrase
then you must take adequate protection in the storage of the file.  Ensure that the permissions
are set to only allow access to those who *need* it.
+ Once you remove the requirement for the passphrase, the certificate can be easily copied
and used elsewhere, thus raising the risk of it being abused.  If you must remove the passphrase
then you must take adequate protection in the storage of the file.  Ensure that the permissions
are set to only allow access to those who need it.
+ }}}
  
  Now that you have been warned about the risks, we can continue onto the options 
  
-  1. Apache has a directive you can use, called '' 'SSL!PassPhraseDialog' ''.   Click [[http://httpd.apache.org/docs/2.2/mod/mod_ssl.html#sslpassphrasedialog|here]]
for the documentation on this directive.
+  1. httpd has a directive you can use, [[http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslpassphrasedialog|SSLPassPhraseDialog]].
   1. You can use OpenSSL to remove the passphrase from the certificate completely.
  
  
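Review bot: the added caution text still says "the certificate can be easily copied and used elsewhere", although the intro line in this same hunk was corrected from "an SSL key" to "a private key". What loses its protection when the passphrase is removed is the private key file, so the admonition should read "the private key can be easily copied", and the unchanged list item "remove the passphrase from the certificate completely" should be aligned with it. Separately, dropping "There are two main options, but before we get to those..." leaves "we can continue onto the options" pointing at options that are no longer announced anywhere; consider keeping a short "There are two main options" before the list.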
@@ -20, +23 @@

  SSLPassPhraseDialog exec:/path/to/script
  }}}
  
- '' '''N.B.'''  'SSL!PassPhraseDialog' can only be used in the main server config, and must
be outside of any <Directory> or <Location> blocks. ''
+ '' '''N.B.'''  'SSLPassPhraseDialog' can only be used in the main server config, and must
be outside of any <Directory> or <Location> blocks. ''
  
  <<BR>>
  Inside an example perl script:
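Review bot: the N.B. line says the directive "can only be used in the main server config" but names only <Directory> and <Location> as excluded blocks; if it is main-server-config only, <VirtualHost> belongs in that list too, since that is where most readers place their SSL directives. Also worth checking the rendered page: the previous text wrote 'SSL!PassPhraseDialog', and with the "!" dropped the name may be treated as a wiki page name. Reusing the explicit [[...|SSLPassPhraseDialog]] link from the first hunk would avoid that and keep the two mentions consistent.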
@@ -36, +39 @@

  }}}
  
  
- == How to decrypt a key with OpenSSL ==
+ == How to strip a key with OpenSSL ==
  
  With OpenSSL you can actually remove the passphrase from the SSL key completely.  This will
avoid Apache asking you to enter the passphrase every time it is started. To do this go to
the command line and type
  

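Review bot: the new heading "How to strip a key with OpenSSL" does not say what is being stripped, and the paragraph under it still says "the SSL key" where the intro now says "private key". Suggest "== How to remove the passphrase from a private key with OpenSSL ==" and "remove the passphrase from the private key" in the body. Since this section produces an unencrypted key file, it would also help to repeat here, next to the command, the file-permission requirement from the caution block.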