> Just installed our new Verisign cert on our apache box but are having two
> problems with it:
> 1. The person who generated the key that was sent to verisign used the wrong
> common name so the secure URL we use doesn't match the URL on the cert,
> throwing up a warning screen...any way around this other than starting over
> with a new cert?
Unfortunately no, you will need to get a new one or move your secure pages to
that domain.

> 2. Whenever we start httpd we are promoted for a password for ssl to start,
> which doesn't work for us as httpd restarts itself ever night.  Our old cert
> never did this, is this something new?

The key is encrypted, so in case anyone broke into your server, the attacker
would not be able to simply take your certificate and key and impersonate you.
He would also need that passphrase.

The way of doing this is to decrypt the key :

# ./usr/local/ssl/install/bin/openssl rsa -in www.example.com.key \
    -out www.example.com.key.unsecure

(more info at http://www.apacheworld.org/ty24/site.chapter17.html)

mod_ssl also has a directive so you can have a script provide that phrase
automatically. It is convenient, but not really any more secure, see the
"How can I get rid of the pass-phrase dialog at Apache startup time?" entry at


Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      [EMAIL PROTECTED]
Automated List Manager                            [EMAIL PROTECTED]

Reply via email to