best practice - startssl on boot?
I am running apache 2.x w/ mod_ssl in RHE. A website I am running from this machine uses an encrypted page for login. On boot, just the "normal" (apachectl start) apache is set to run.
I have encrypted and passphrase-protected my private cert, so when I "apachectl startssl", I am asked for the passphrase. Is there a way to automate the startssl at boot, or is this impossible as long as the cert is encrypted? I know that I could just take the passphrase off, but am a little reluctant to do so. Comments? --Lacinda |
As long as your server is 'physically' secure, you're fine.
You should backup the private key file first. Then you can remove the passphrase, and secure the new key file. Code:
cp server.key server.key.original |
My experience is that you'll also need to modify your apacehctl script. By just running "./apachectl start" you won't start SSL at all. You need to modify the apachectl script so that it starts SSL just by runing "./apachectl ssl". If you have any programming knowledge whatsoever, you should be able to look at apachectl and figure you what to change. There is a case statement in there that controls the action; you need to have the "start" option from one case to another. Of course, this is after you follow the directions above to remove the passphrase from the SSL cert.
|
thanks!
|
All times are GMT -5. The time now is 10:44 PM. |