From owner-freebsd-questions Fri Dec 6 4:36:58 2002 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7764D37B401 for ; Fri, 6 Dec 2002 04:36:57 -0800 (PST) Received: from catv-50622a7a.nyircatv.broadband.hu (catv-50622a7a.nyircatv.broadband.hu [80.98.42.122]) by mx1.FreeBSD.org (Postfix) with ESMTP id 323B643EA9 for ; Fri, 6 Dec 2002 04:36:56 -0800 (PST) (envelope-from andrew@kronos.HomeUnix.com) Received: from slave.east.ath.cx (witch@slave.east.ath.cx [10.1.1.1]) by catv-50622a7a.nyircatv.broadband.hu (8.12.6/8.12.6) with ESMTP id gB6Caiqp025221 (version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO) for ; Fri, 6 Dec 2002 13:36:44 +0100 (CET) (envelope-from andrew@east.ath.cx) Date: Fri, 6 Dec 2002 13:36:44 +0100 (CET) From: Andrew Prewett Reply-To: Andrew Prewett To: questions@FreeBSD.ORG Subject: Re: Question about Apache with ssl. In-Reply-To: Message-ID: <20021206131440.H13734-100000@slave.east.ath.cx> References: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG Today Mark-Nathaniel Weisman wrote: > I've replaced the original httpd executable with a new improved > apachectl, apachectl is only a wrapper script to start, stop, restart apache (httpd)... > and of course need the startssl to fire up my ssl installed > Web Server. When the web server fires up, you need to enter the pass > phrase for the security. How can I automate this? You mean, you want a decrypted key? # openssl rsa -in encrypted.key -out decrypted.key [you get a password prompt here] # chown root:wheel decrypted.key # chmod 0400 decrypted.key (apache|ssl).conf file: SSLCertificateKeyFile /path/to/decrypted.key You should read the apache-ssl FAQ. > Which file boots the web server? In this case the web server executable is httpd. You can start it directly and with a wrapper script, like apachectl or (if you have installed apache with the ports/packages system) with /usr/local/etc/rc.d/httpd.sh (IIRC). > And where do I add the security phrase? Any help? If you use the decrypted version of the key, then you'll not be prompted again at apache startup. -andrew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message