On 18/08/11 03.23, Grant wrote: > I just accidentally overwrote my SSL certificate key. Is there any > way to retrieve it? Possibly some sort of export since I haven't > restarted apache2 yet?
If apache keeps the certificate file open after reading it (I doubt that's the case, but if you have lsof installed you should check just to make sure) and you didn't restart it, you could try this method: http://computer-forensics.sans.org/blog/2009/01/27/recovering-open-but-unlinked-file-data Otherwise, assuming you're on ext2/ext3, ext3undel works quite well, *provided that you stop any writes to the affected volume ASAP*, e.g. by remounting it read-only. If the data hasn't been overwritten, carving tools should work too, as the ASCII-armor of the certificate provides an easily recognizable pattern and the file is almost certainly small enough to fit within a single FS block. andrea
