Tell me more ×
Unix & Linux Stack Exchange is a question and answer site for users of Linux, FreeBSD and other Un*x-like operating systems.. It's 100% free, no registration required.
up vote 2 down vote favorite
1

So I'm maintaining a server which has a verified SSL certificate setup, however there is a password on the private key and so whenever apache is reboot, we get a message asking for the password. This isn't a major issue, but becomes one when you reboot the machine! When this happens, it will hang at apache startup (I can tell by viewing the syslog through AWS) and then the machine doesn't run sshd and so I cannot access the server any more!

Is there a way to setup apache to use this key without asking for the password? I think one option would be to reissue the SSL certificate but this time not using a password, but then is that unsafe?

share|improve this question
apparently expect can be used in this case: prongs.org/linux/apache/node23.html – goldilocks Feb 6 at 11:29

1 Answer

up vote 4 down vote accepted

The reason it's asking for the password is to protect your SSL certificate - in case your server gets cracked, the cracker can get access to both your certificate and the key to it. But as long as a password is required in order to use the key, the intruder won't be able to use it.

If you are convinced that your server is secure enough that there's no way an cracker can get at it, you can remove the passphrase from the key - though I really really don't recommend it!

The way to remove the passphrase is to first make a backup copy of the key. Then run the command

openssl rsa -in backupcopy.key -out keyname.key

You will be prompted for the password, and then openssl will write out a key that doesn't require a password. But again, that is really unsafe.

share|improve this answer
Hey I just found this command online. The server is locked down on AWS quite well, but I guess that is probably not enough. I think the only other thing I could do is somehow make sure apache is the last thing to be started at boot. I'm not too bothered about the passwd, it's the lack of access on reboot at the moment that is the problem! – ing0 Feb 6 at 11:07
1  
In that case I'd just disable apache from starting at boot entirely, and start it manually once the server is up. – Jenny D Feb 6 at 11:37
Fair point, I'll set that up ;) – ing0 Feb 6 at 16:19

Your Answer

 
discard

By posting your answer, you agree to the privacy policy and terms of service.

Not the answer you're looking for? Browse other questions tagged or ask your own question.