LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Software (http://www.linuxquestions.org/questions/linux-software-2/)
-   -   Apache hangs at boot time due to RSA - Need fix (http://www.linuxquestions.org/questions/linux-software-2/apache-hangs-at-boot-time-due-to-rsa-need-fix-437591/)

johndmann 04-21-2006 08:34 PM

Apache hangs at boot time due to RSA - Need fix
 
Okay, so basically, I have Debian Sarge running Apache 1.x (1.3.33 or whatever number it is).

It used to be fine until I added in SSH abilities.

When I did that, when I rebooted the server (very seldom, but it happens), it would just stop when it got to the part of the startup which loaded Apache. I was able to SSH into the server from another system, and found that Apache was not running on the system at the time, so it was getting hung before it started up for some reason.

So, I removed it from the init scripts:
Code:

update-rc.d -f apache remove
This did the trick, and I can boot now, but it doesn't solve the issue of WHY it hangs on boot. Once I fixed that (I will add it back to the init scripts later, after I solve this problem), I was able to boot the system without hangs, but, of course, apache does not auto-start!

So, Once I got on the system, I did an apachectl start, and I think this is why it hangs - it asks for an RSA key passphrase, and it can't do that at boot time, so it never completes that task.
Code:

Apache/1.3.33 mod_ssl/2.8.22 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server lists.mydomain.com:443 (RSA)
Enter pass phrase:

Ok: Pass Phrase Dialog successful.
/usr/sbin/apachectl restart: httpd started

So, my question is... How do I get it to NOT ask me for that pass phrase, so that I can boot-load Apache?

ataraxia 04-21-2006 09:19 PM

It wants the passphrase because the RSA private key is encrypted. If you instead store it on the disk in plaintext, this will fix your problem.

Install the "openssl" package - probably you have it already. Now, shut down apache, cd to /etc/apache-ssl/, and do
Code:

openssl rsa -in apache.pem -out apache.pem.new
mv apache.pem apache.pem.old
mv apache.pem.new apache.pem

The first command will ask you for the passphrase, and write the plaintext version to apache.pem.new .

All this assumes that your private key is stored in the default place, /etc/apache-ssl/apache.pem .


All times are GMT -5. The time now is 01:19 AM.