Linux - SoftwareThis forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
i installed https service in my remote host. some times the https service suddenly dead that's y i wrote a small script and i assigned crone job every 15 minutes
but it is not working fine because of i installed ssl certificate with password when i restart the httpd service it's asking password i don't know how to give the password in script any body pls guid me how to give password argument in my shell script
below the script i wrote it. i am beginner in scripting
No, you don't have to touch anything in your startup script.
You put the SSLPassPhraseDialog directive in the appropriate apache config file and then create the little script passphrase (in the path you gave as the SSLPassPhraseDialog argument)
What the script does, is to echo the ssl password when apache starts, so you don't have to type it.
I hope it's clear now
hai bathory i tried to implimented what u said yestrday. but i am getting errors pls once u glance this errors
i edited httpd.conf file SSLPassPhraseDialog exec:/etc/httpd/conf.d/passphrase i am getting errors
next i tried to edit ssl.conf file SSLPassPhraseDialog exec:/etc/httpd/conf.d/passphrase but it is not working fine
i flowed below these steps
#######
i created passphrase file in /path/to/passphrase
#!/bin/bash
echo "XXXXXX"
##########
edited httpd.conf file
SSLEngine on
SSLCertificateFile /etc/httpd/conf.d/server.crt
SSLCertificateKeyFile /etc/httpd/conf.d/server.key
SSLPassPhraseDialog exec:/path/to/passphrase
#########
next i checked
#httpd -t
Syntax error on line 1009 of /etc/httpd/conf/httpd.conf:
SSLPassPhraseDialog cannot occur within <VirtualHost> section
########
next i removed in <VirtualHost> section
and copied after virtualhost section like this
<VirtualHost X.X.X.X:443>
DocumentRoot /var/www/html/
DirectoryIndex index.htm
SSLEngine on
SSLCertificateFile /etc/httpd/conf.d/server.crt
SSLCertificateKeyFile /etc/httpd/conf.d/server.key
ErrorLog logs/tserver-error_log
CustomLog logs/tserver-access_log common
</VirtualHost>
SSLPassPhraseDialog exec:/path/to/passphrase
httpd -t
syntax ok
service httpd start
httpd dead but subsys locked
#############
i removed SSLPassPhraseDialog exec:/path/to/passphrase section in httpd.conf file
i copied ssl.conf file
but when i tried to restart the service i got below error
httpd dead but subsys locked
if i remove this SSLPassPhraseDialog exec:/path/to/passphrase in ssl.conf file the service working fine but when i restart the service it is asking password
pls suggest me how execute my script without password
Did you remembered to make the passphrase script executable?
Also if you're running fedora as in your profile, it could be SELinux that prevents apache to execute the passphrase script.
all ready i gave the 755 permission in passpharase file so this excitable file
and disabled selinux policy
# getenforce
Disabled
but i am unable to restart the service
i am getting same error
i tested my passphrase script
cd /etc/httpd/conf.d/
#./passphrase
displaying password
#################
service httpd start
Starting httpd: Syntax error on line 1021 of /etc/httpd/conf/httpd.conf:
SSLPassPhraseDialog cannot occur within <VirtualHost> section
i con't understanding this error ###cannot occur within <VirtualHost> section####
###########################################
i checked the error_log
tail -f /var/log/httpd/error_log
[Wed May 25 00:39:22 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 25 00:39:22 2011] [warn] RSA server certificate CommonName (CN) `digitsample.com' does NOT match server name!?
[Wed May 25 00:39:22 2011] [notice] Digest: generating secret for digest authentication ...
[Wed May 25 00:39:22 2011] [notice] Digest: done
[Wed May 25 00:39:22 2011] [warn] No JkLogFile defined in httpd.conf. Using default /etc/httpd/logs/mod_jk.log
[Wed May 25 00:39:22 2011] [warn] No JkShmFile defined in httpd.conf. Using default /etc/httpd/logs/jk-runtime-status
[Wed May 25 00:39:22 2011] [warn] RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 25 00:39:22 2011] [warn] RSA server certificate CommonName (CN) `sampleserver.com' does NOT match server name!?
[Wed May 25 00:39:22 2011] [notice] Apache/2.2.8 (Unix) DAV/2 mod_jk/1.2.31 mod_ssl/2.2.8 OpenSSL/0.9.8g configured -- resuming normal operations
[Wed May 25 01:06:44 2011] [notice] caught SIGTERM, shutting down
You should put the SSLPassPhraseDialog outside the <Virtualhost ...:443>...</Virtualhost> part of the config file. And btw if you're using fedora don't put ssl stuff in httpd.conf. Open /etc/httpd/conf.d/ssl.conf, find the SSLPassPhraseDialog directive and change it accordingly
hai bathory that script is working fine but my organization is not accept to keep password in the file is it possible to put the password in the script file later i'll encrypt the script file.
You can remove the passphrase from the server's key, if you don't want to store it in a file.
To do so, make a backup of the key file just in case something goes wrong...
Code:
cp server.key server.key.bak
Then run:
Code:
openssl rsa -in server.key -out server.key
Edit ssl.conf and use "SSLPassPhraseDialog builtin", Then restart apache and see if it starts without asking for the passphrase
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.