Dear Wiki user, You have subscribed to a wiki page or wiki category on "Httpd Wiki" for change notification.
The "SettingUpModSSL" page has been changed by TomasPospisek: http://wiki.apache.org/httpd/SettingUpModSSL?action=diff&rev1=5&rev2=6 Comment: add refernce to document describing the removal of the SSL cert passphrase * Do nothing - In this case, httpd will prompt the server administrator for the passphrase when starting the instance. This is often an undesired effect in the event you have configured httpd to start via init scripts or are using some other method for automated startup. * Use SSLPassPhraseDialog "exec:/path/to/command" - there are currently only two requirements for using this method. First, /path/to/command must be a file (TBD: will Daniel ever submit the patch to remove this restriction?) and should be executable as the root user. Second, the STDOUT output to /path/to/command must deliver the full passphrase. Using this method allows you to take any security mechanisms you have in mind to any extent you can imagine before delivering the passphrase via the /path/to/command. * Decrypt the key - To do this, you would need to use openssl to remove the encryption on the key like so: openssl rsa -in key.pem -out newkey.pem + * See also [[RemoveSSLCertPassPhrase]] '''WARNING''': Although you may implement elaborate methods to protect your passphrase, the httpd image in memory contains the passphrase as a string which can be obtained by triggering a core dump (ie. in the event the root process is compromised). --------------------------------------------------------------------- To unsubscribe, e-mail: docs-unsubscr...@httpd.apache.org For additional commands, e-mail: docs-h...@httpd.apache.org
