At 10:57 PM 7.26.2002 -0500, David F. Reed wrote:
>Dear SSL experts and aficionados and RH gurus,
>
>I am hoping someone out there has a piece of arcane (to me)
>knowledge...
>
>(Running RH-7.3, apache-1.3.23-14, openssl-0.9.6b-18)
>
>I note that during reboot (a rare event), some one trusted
>has to be around to manually key in the pass phrase to the
>server.key file - sometimes it waits for this, and sometimes not;
>in either case, unattended, the httpd sits around waiting to start.
>
>(I learned this the other day when a power outage convinced
>my system to shut down, and it restarted when power resumed).
>
>So my question is, is there a way to generate a key that does not
>look for a pass phrase, or automagically pipe the contents of some
>file, or some such work around, so that unattended, it can
>come up and function as a server?
>
>Any discussion of experience would be helpful
>
>Many thanks.
>
>--Dave
>

Not sure what OS you have, but I run FBSD and this is the method I use to
solve that:

To decrypt the Key:

First make a copy of the encrypted key

    # cp server.key server.key.cryp

Then re-write the key with encryption. You will be prompted for the
original encrypted Key passphrase

    # /usr/bin/openssl rsa -in server.key.cryp -out server.key
    read RSA key
    Enter PEM pass phrase:
    writing RSA key

One way to secure the decrypted Private Key is to make it readable only by
the root:

    # chmod 400 server.key

Best regards,
Jack L. Stone,
Administrator

Sage American
http://www.sage-american.com
[EMAIL PROTECTED]
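
A check to run after the steps in the reply above, as an added example that is not part of the original post: it reports whether a PEM key file still carries a pass phrase and, if not, whether its mode is owner-only. The function names are hypothetical, and it assumes the key is in one of the two PEM forms OpenSSL writes (traditional with a Proc-Type header, or PKCS#8).

```shell
#!/bin/sh
# Added example (not from the original thread): audit a PEM private key file.
# Function names are hypothetical; the test keys are constructed files.

# key_is_encrypted FILE -> exit 0 if the PEM headers mark the key as encrypted.
# Traditional PEM (as written by "openssl rsa") carries "Proc-Type: 4,ENCRYPTED";
# PKCS#8 uses a "BEGIN ENCRYPTED PRIVATE KEY" armor line.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# file_mode FILE -> print the octal permission bits (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_key FILE -> print one verdict line.
# Exit 0: encrypted, or unencrypted with owner-only mode.
# Exit 1: unencrypted and readable or writable beyond the owner.
# Exit 2: file not found.
audit_key() {
    f=$1
    [ -f "$f" ] || { echo "MISSING $f"; return 2; }
    mode=$(file_mode "$f")
    if key_is_encrypted "$f"; then
        echo "ENCRYPTED $f (mode $mode): server will prompt for the pass phrase at start"
        return 0
    fi
    case $mode in
        400|600) echo "OK $f: unencrypted, mode $mode"; return 0 ;;
        *)       echo "WEAK $f: unencrypted key with mode $mode, expected 400"; return 1 ;;
    esac
}

# Usage: sh audit_key.sh /path/to/server.key
if [ "$#" -gt 0 ]; then
    audit_key "$1"
fi
```

Run it against both server.key and the server.key.cryp backup; the backup should report ENCRYPTED and the working key should report OK.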