[ale] SSL
Michael H. Warfield
mhw at WittsEnd.com
Mon Apr 28 12:37:35 EDT 2008
On Mon, 2008-04-28 at 11:49 -0400, Brandon Colbert wrote:
> All,
> I just install an SSL cert on a server. It works fine, but when ever
> apache is restarted it is asking for the passphrase. What can I use to
> make this automated? I think pp-filter does that, but I can't find
> it.
Take the passphrase off the private key?
Think about it. Anything you do (short of a remote ssh startup) is
going to incorporate the password into what ever script or process you
use, totally obliterating any possible security you might have thought
you derived from having a passphrase on the key.
> Any ideas?
openssl rsa -in key.pem -out newkey.pem
Enter old passphrase. Give it no new passphrase.
Now use newkey.pem for your private key. It's a little more
complicated if you have your private key and public certificate in the
same file (I recommend against this) but they're just text files and I'm
sure you can figure that out to separate the two, change the password,
and recombine them.
Mike
--
Michael H. Warfield (AI4NB) | (770) 985-6132 | mhw at WittsEnd.com
/\/\|=mhw=|\/\/ | (678) 463-0932 | http://www.wittsend.com/mhw/
NIC whois: MHW9 | An optimist believes we live in the best of all
PGP Key: 0xDF1DD471 | possible worlds. A pessimist is sure of it!
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 307 bytes
Desc: This is a digitally signed message part
Url : http://mail.ale.org/pipermail/ale/attachments/20080428/02545712/attachment.bin
More information about the Ale
mailing list