Re: SSLPassPhraseDialog several certificates
On 1/28/06, Konstantin N. Bezruchenko [EMAIL PROTECTED] wrote: Greetings,I need setup new virtualhost with ssl certificate, and i dont want enterpasswords every time when apache restarts. When i have only onecertificate i use:SSLPassPhraseDialog exec:/path/to/apache/bin/startssl.pl I try set two SSLPassPhraseDialog with two different exec scripts, butapache could not start. When i enter password manually - everything is ok.So how can i use SSLPassPhraseDialog for 2 certificates what require passwords? Why not save the certificates without passphrases? -- But we also know the dangers of a religion that severs its links with reason and becomes prey to fundamentalism --Cardinal Paul PoupardIt morphs into the Republican party!-- BJ
Re: SSLPassPhraseDialog several certificates
Greetings, BJ Swope wrote: So how can i use SSLPassPhraseDialog for 2 certificates what require passwords? Why not save the certificates without passphrases? Because we already have password-protected certificates, and as i know we cant remove password protection from existing certificate. -- Konstantin N. Bezruchenko | BK5536-RIPE __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: SSLPassPhraseDialog several certificates
To remove the passphrase (on the key, not the certificate): cp a.key temp openssl rsa -in temp -out a.key On Mon, 30 Jan 2006, Konstantin N. Bezruchenko wrote: Greetings, BJ Swope wrote: So how can i use SSLPassPhraseDialog for 2 certificates what require passwords? Why not save the certificates without passphrases? Because we already have password-protected certificates, and as i know we cant remove password protection from existing certificate. -- Konstantin N. Bezruchenko | BK5536-RIPE __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: SSLPassPhraseDialog several certificates
On 1/30/06, Konstantin N. Bezruchenko [EMAIL PROTECTED] wrote: Because we already have password-protected certificates, and as i know we cant remove password protection from existing certificate. That's not correct. Your certificate is not password protected... your private key is. And you can definitely remove the password from the private key. From the OpenSSL documentation: To remove the pass phrase on an RSA private key: openssl rsa -in key.pem -out keyout.pem To remove the pass phrase on a DSA private key: openssl dsa -in key.pem -out keyout.pem Hope this helps. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
R: SSLPassPhraseDialog several certificates
You can remove the password with the command openssl rsa -in name_of_the_file_with_the_password-protected_private_key -out name_of_the_file_without_password In the output file there is just the private key, so if in the original file contains also the certificate, you have to concatenate the decrypted private key with the certificate. Claudio Campetto -Messaggio originale- Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Per conto di Konstantin N. Bezruchenko Inviato: lunedì 30 gennaio 2006 13.39 A: modssl-users@modssl.org Oggetto: Re: SSLPassPhraseDialog several certificates Greetings, BJ Swope wrote: So how can i use SSLPassPhraseDialog for 2 certificates what require passwords? Why not save the certificates without passphrases? Because we already have password-protected certificates, and as i know we cant remove password protection from existing certificate. -- Konstantin N. Bezruchenko | BK5536-RIPE __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
