LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-28-2004, 10:47 AM   #1
xfurious_mindx
LQ Newbie
 
Registered: Feb 2004
Posts: 12

Rep: Reputation: 0
best practice - startssl on boot?


I am running apache 2.x w/ mod_ssl in RHE. A website I am running from this machine uses an encrypted page for login. On boot, just the "normal" (apachectl start) apache is set to run.

I have encrypted and passphrase-protected my private cert, so when I "apachectl startssl", I am asked for the passphrase.

Is there a way to automate the startssl at boot, or is this impossible as long as the cert is encrypted? I know that I could just take the passphrase off, but am a little reluctant to do so.

Comments?

--Lacinda
 
Old 12-30-2004, 06:34 PM   #2
Butt-Ugly
Member
 
Registered: Nov 2004
Location: Brisbane, Australia
Distribution: Fedora Core 5
Posts: 89

Rep: Reputation: 15
As long as your server is 'physically' secure, you're fine.

You should backup the private key file first.
Then you can remove the passphrase, and secure the new key file.
Code:
cp server.key server.key.original

openssl rsa -in server.key.original -out server.key

chmod 400 server.key
Miles.
 
Old 12-30-2004, 08:17 PM   #3
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
My experience is that you'll also need to modify your apacehctl script. By just running "./apachectl start" you won't start SSL at all. You need to modify the apachectl script so that it starts SSL just by runing "./apachectl ssl". If you have any programming knowledge whatsoever, you should be able to look at apachectl and figure you what to change. There is a case statement in there that controls the action; you need to have the "start" option from one case to another. Of course, this is after you follow the directions above to remove the passphrase from the SSL cert.
 
Old 01-07-2005, 08:23 AM   #4
xfurious_mindx
LQ Newbie
 
Registered: Feb 2004
Posts: 12

Original Poster
Rep: Reputation: 0
thanks!
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
apachectl startssl error message harlow400 Linux - Software 2 03-01-2004 02:31 AM
slack 9.0 apachectl startssl doesn't work harlow400 Linux - Software 4 02-29-2004 09:03 PM
apachectl startssl doesn't work on SuSE 9.0 ahargrove Linux - Software 3 02-16-2004 11:02 PM
couldn't find startssl option in apahcectl ybc Linux - General 2 04-16-2003 12:23 AM
startssl segfaults :'( chr15t0 Linux - Software 7 01-21-2003 03:59 AM


All times are GMT -5. The time now is 10:55 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration