httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From dan <i...@hostinthebox.net>
Subject Re: [users@httpd] Apache -Modssl with startup Pass Phase password
Date Fri, 18 Feb 2005 00:39:40 GMT
Kory Wheatley wrote:
> I assume this goes in the httpd.conf  file, like this
> SLPassPhraseDialog exec:/opt/automatepass.sh
> 
> How can I remove the -des3 key  from the private key.
> 
> I appreciate your response, thanks.
> 
> 
> 
> On Thu, 17 Feb 2005 16:42:29 -0700, dan <info@hostinthebox.net> wrote:
> 
>>Kory Wheatley wrote:
>>
>>>I've currently configured an Apache ssl production server with
>>>Apache/1.3.33 (Unix) mod_ssl/2.8.22 OpenSSL/0.9.7e.
>>>
>>>When I start the  Apache secure server up it
>>>asks for the pass phrase password, is there a way to automate this,
>>>its a pain when I restart our workstation to have to manually start
>>>the apache server, when I would like it to automatically startup when
>>>we reboot.  I'm hoping I don't have to configure the server
>>>certificate over again.
>>
>>Be really careful with how you handle this, but you can use, for starters:
>>
>>SLPassPhraseDialog exec:your_password_program
>>
>>where your_password_program is a shell script that echo's the password.
>>  You could even integrate sudo into that script so that you can limit
>>who can run that script, at what time, how often, etc etc.
>>
>>However, that clearly being the less safe option, here's another.  Don't
>>use the -des3 key generation argument, then you will no longer be
>>prompted to enter in a passphrase.
>>
>>Hope that helps
>>-dant
>>

Please bottom-post.  It just makes it easier to read the message :)

To remove the -des3 key, you would need to re-generate the certificate, 
which is why I suggested it last.

SSLPassPhraseDialog exec:/what/ev/er goes into, presumably, a 
VirtualHost container wherever the rest of your SSL options are located.

Thanks
-dant


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message