Many thanks Jack! worked like a charm.
--Dave Jack L. Stone wrote: >At 10:57 PM 7.26.2002 -0500, David F. Reed wrote: > >>Dear SSL experts and aficionados and RH gurus, >> >>I am hoping someone out there has a piece of arcane (to me) >>knowledge... >> >>(Running RH-7.3, apache-1.3.23-14, openssl-0.9.6b-18) >> >>I note that during reboot (a rare event), some one trusted >>has to be around to manually key in the pass phrase to the >>server.key file - sometimes it waits for this, and sometimes not; >>in either case, unattended, the httpd sits around waiting to start. >> >>(I learned this the other day when a power outage convinced >>my system to shut down, and it restarted when power resumed). >> >>So my question is, is there a way to generate a key that does not >>look for a pass phrase, or automagically pipe the contents of some >>file, or some such work around, so that unattended, it can >>come up and function as a server? >> >>Any discussion of experience would be helpful >> >>Many thanks. >> >>--Dave >> > >Not sure what OS you have, but I run FBSD and this is the method I use to >solve that: >To decrypt the Key: > >First make a copy of the encrypted key > ># cp server.key server.key.cryp > >Then re-write the key with encryption. You will be prompted for the >original encrypted Key passphrase > ># /usr/bin/openssl rsa -in server.key.cryp -out server.key >read RSA key >Enter PEM pass phrase: >writing RSA key > >One way to secure the decrypted Private Key is to make readable only by the >root: ># chmod 400 server.key > >Best regards, >Jack L. Stone, >Administrator > >Sage American >http://www.sage-american.com >[EMAIL PROTECTED] >______________________________________________________________________ >Apache Interface to OpenSSL (mod_ssl) www.modssl.org >User Support Mailing List [EMAIL PROTECTED] >Automated List Manager [EMAIL PROTECTED] > -- David F. Reed -> email: [EMAIL PROTECTED] (for pgp key: [EMAIL PROTECTED] http://keys.pgp.com/ ) ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
