From: Cristi Tauber
To: Josh Hansen
Cc: FreeBSD Questions
Date: Tue, 07 Sep 2004 09:10:12 +0300
Subject: Re: httpd with SSL

Yeessss ... thanks a lot.

Cristi

On Mon, 2004-09-06 at 18:20, Josh Hansen wrote:
> Cristi Tauber wrote:
>
> > Hello,
> > I installed from ports (switched from sources ... hope to learn :) )
> > apache 1.3.29 with mod-ssl. All good ... httpd works ... I issued a
> > certificate ... but now when my computer reboots and apache starts in
> > ssl mode it asks for pass phrase !!! So ... if computer reboots over
> > night someone has to write the pass phrase so the computer can start.
> > This is annoying ... how can I skip this ... can I enter the passphrase
> > in my boot script ? How ???
> >
> > Cristi
>
> Hello Cristi,
>
> This is from the apache site:
>
> How can I get rid of the pass-phrase dialog at Apache startup time?
>
> The reason why this dialog pops up at startup and every re-start is that
> the RSA private key inside your server.key file is stored in encrypted
> format for security reasons. The pass-phrase is needed to be able to
> read and parse this file. When you can be sure that your server is
> secure enough you perform two steps:
>
>   1. Remove the encryption from the RSA private key (while preserving
>      the original file):
>
>      $ cp server.key server.key.org
>      $ openssl rsa -in server.key.org -out server.key
>
>   2. Make sure the server.key file is now only readable by root:
>
>      $ chmod 400 server.key
>
> Now server.key will contain an unencrypted copy of the key. If you point
> your server at this file it will not prompt you for a pass-phrase.
> HOWEVER, if anyone gets this key they will be able to impersonate you on
> the net. PLEASE make sure that the permissions on that file are really
> such that only root or the web server user can read it (preferably get
> your web server to start as root but run as another server, and have the
> key readable only by root).
>
> As an alternative approach you can use the ``SSLPassPhraseDialog
> exec:/path/to/program'' facility. But keep in mind that this is neither
> more nor less secure, of course.
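
An added example, not part of the original thread or the Apache FAQ: a POSIX shell check that reports whether a PEM key such as server.key is still pass-phrase protected and, if it is not, whether its mode denies all access to group and other. The function names and verdict strings are assumptions of this example, and file ownership is not checked.

```shell
#!/bin/sh
# Added example: audit a PEM private key after its pass-phrase was removed.
# Assumption: the key is PEM text in traditional OpenSSL or PKCS#8 layout.

# key_is_encrypted FILE -> status 0 if the key is pass-phrase protected.
key_is_encrypted() {
    # Traditional PEM marks encryption with a Proc-Type header;
    # PKCS#8 uses a distinct BEGIN line instead.
    grep -Eq -e '^Proc-Type: 4,ENCRYPTED' \
             -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' -- "$1"
}

# key_mode_is_tight FILE -> status 0 if FILE is a regular file and
# group/other have no read, write or execute bits (e.g. mode 400 or 600).
key_mode_is_tight() {
    perms=$(ls -ld -- "$1" | cut -c1-10)
    case "$perms" in
        -???------) return 0 ;;
        *)          return 1 ;;
    esac
}

# audit_key FILE -> prints one verdict word; status 0 means acceptable.
audit_key() {
    if [ ! -f "$1" ]; then
        echo "missing"; return 2
    fi
    if key_is_encrypted "$1"; then
        echo "encrypted"; return 0
    fi
    if key_mode_is_tight "$1"; then
        echo "unencrypted-restricted"; return 0
    fi
    # Unencrypted key that group or other can access: anyone who can
    # read it can impersonate the server.
    echo "unencrypted-exposed"; return 1
}

# Stand-alone use: sh audit_key.sh /path/to/server.key
if [ "$#" -gt 0 ]; then
    audit_key "$1"
fi
```

Run it from the boot script or a cron job before httpd starts, and treat a non-zero status as a reason to fix the mode with chmod 400.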