From owner-freebsd-questions  Fri Dec  6  4:36:58 2002
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7764D37B401
	for <questions@FreeBSD.ORG>; Fri,  6 Dec 2002 04:36:57 -0800 (PST)
Received: from catv-50622a7a.nyircatv.broadband.hu (catv-50622a7a.nyircatv.broadband.hu [80.98.42.122])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 323B643EA9
	for <questions@FreeBSD.ORG>; Fri,  6 Dec 2002 04:36:56 -0800 (PST)
	(envelope-from andrew@kronos.HomeUnix.com)
Received: from slave.east.ath.cx (witch@slave.east.ath.cx [10.1.1.1])
	by catv-50622a7a.nyircatv.broadband.hu (8.12.6/8.12.6) with ESMTP id gB6Caiqp025221
	(version=TLSv1/SSLv3 cipher=EDH-RSA-DES-CBC3-SHA bits=168 verify=NO)
	for <questions@FreeBSD.ORG>; Fri, 6 Dec 2002 13:36:44 +0100 (CET)
	(envelope-from andrew@east.ath.cx)
Date: Fri, 6 Dec 2002 13:36:44 +0100 (CET)
From: Andrew Prewett <andrew@kronos.HomeUnix.com>
Reply-To: Andrew Prewett <andrew@kronos.HomeUnix.com>
To: questions@FreeBSD.ORG
Subject: Re: Question about Apache with ssl.
In-Reply-To: <B030C8F9120CCD43A1FC642851FB9FB404598A@mavrick.outland>
Message-ID: <20021206131440.H13734-100000@slave.east.ath.cx>
References: <B030C8F9120CCD43A1FC642851FB9FB404598A@mavrick.outland>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-questions@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-questions.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-questions>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-questions>
X-Loop: FreeBSD.ORG

Today Mark-Nathaniel Weisman wrote:

> I've replaced the original httpd executable with a new improved
> apachectl,

apachectl is only a wrapper script to start, stop, restart apache (httpd)...

> and of course need the startssl to fire up my ssl installed
> Web Server. When the web server fires up, you need to enter the pass
> phrase for the security. How can I automate this?

You mean, you want a decrypted key?

<prompt># openssl rsa -in encrypted.key -out decrypted.key
[you get a password prompt here]

<prompt># chown root:wheel decrypted.key
<prompt># chmod 0400 decrypted.key

(apache|ssl).conf file:
SSLCertificateKeyFile /path/to/decrypted.key

You should read the apache-ssl FAQ.

> Which file boots the web server?

 In this case the web server executable is httpd. You can start it
directly and with a wrapper script, like apachectl or (if you have
installed apache with the ports/packages system) with
/usr/local/etc/rc.d/httpd.sh (IIRC).

> And where do I add the security phrase? Any help?

 If you use the decrypted version of the key, then you'll not be prompted
again at apache startup.

	-andrew


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-questions" in the body of the message