httpd service restart wants password
I know how I did this, I'm looking to find out how to get rid of it.
I was generating a Secure Certificate Request and the password I used for the certificate has to be entered every time I reboot so I can start HTTPD services. Is there a FAQ on how to get rid of the password altogether? I ended up using the certificate on another server so it is not a concern. I'm running FC3/Apache.
Thanks for any help!
You can remove the passphrase from your key with the following command. There is a security risk, but it sounds like you've already considered that:
Code:
openssl rsa -in server.key -out server.pem
Gilead,
Thanks much for responding to my question. I get the following response using that command. Is this a path issue?
Code:
[root@server1 ~]# openssl rsa -in server.key -out test.pem
Thanks again for your time
It could be - I run the commands from the directory that the key is located in. Here's the script I use:
Code:
#! /bin/bash
I managed to break httpd, it won't start now. LOL
:confused:
Murphy's law is always at work :) Are there any messages in the error or access logs?
ssl_error_log
Code:
[Thu Sep 07 21:04:46 2006] [error] SSL Library Error: 185073780 error:0B080074:x509 certificate routines:X509_check_private_key::key values mismatch
Code:
[Thu Sep 07 21:04:46 2006] [notice] suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
If it makes any difference, I don't require SSL for any sites on this box. I've never had a service die like that before (not that I'm a guru to begin with). If I used this command right, I don't think apache is running at all.
Code:
ps -ef | grep httpd
When you run apachectl (/usr/local/apache2/bin/apachectl on my system) do you get output like the following?
Code:
# /usr/local/apache2/bin/apachectl -l | grep ssl
I didn't get any reaction from the first command (grep). The exact output is:
Code:
# apachectl -l | grep ssl
As far as I know you need mod_ssl for the https stuff to work. The process I use for building Apache is:
Code:
./configure --with-layout=Apache --prefix=/usr/local/apache2 --enable-rule=SHARED_CORE --enable-so --enable-ssl --enable-rewrite --with-ssl=/usr/include
I am running the default vanilla install that Fedora does for Apache and most services.
All I originally did was generate a csr and that started this whole password requirement every time I rebooted the server (had to do a manual: services httpd start and it prompted me for the password and after that it worked ok). I was just trying to eliminate the need for that originally. I really don't have a need for https at all anyway.
Apache does not start as there is a problem with the certificate. I use Slackware and don't know much about Fedora but you should be able to start apache without ssl support (on my box as shown below).
Code:
/usr/sbin/apachectl startssl # start with SSL support
You can also generate a new key and from there a new certificate (in my opinion the best option).
Code:
root@btd-techweb01:~# /usr/bin/openssl genrsa -rand /dev/urandom -out btd-techweb01.key 1024
Thanks much for the suggestion. I too thought I just need to create a new key.
My question there is: all the Fedora folders regarding ssl/ appear to be the following structure:
drwx------ 2 root root 4096 Oct 10 2005 ssl.crl
drwx------ 2 root root 4096 Jun 25 15:05 ssl.crt
drwx------ 2 root root 4096 Sep 5 2005 ssl.csr
drwx------ 2 root root 4096 Sep 8 00:19 ssl.key
drwx------ 2 root root 4096 Sep 5 2005 ssl.prm
My question is: by running the commands to create the key from /usr/sbin/, does that put the required files into those folders automatically? i.e. the .crt file you create, does that go into the /ssl.crt folder by itself?
I'm sorry I sound like such a noob :( I am.. as I mentioned. I never had to touch this stuff before, it was all just the default Fedora installation prior to me generating the original csr.
Thanks much for your advice folks.
You can put the cert in ssl.crt by itself, mine is. The tutorial I used had a directory structure I've stuck with because it worked. /usr/local/apache2/conf/ssl.crt contains server.crt and /usr/local/apache2/conf/ssl.key contains server.key (and my script).
Thanks for your help all. I was able to fix it following this.
http://www.apache-ssl.org/#FAQ
Just created the key/certificate and dumped them in the proper folders. Once I did that, httpd started without any trouble. Now I'm off to install FC5 on another box. Fighting a lockup problem though when Gnome starts, think it's the graphics settings.
Thanks Again!!
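Added example, not part of the thread: the "key values mismatch" line in ssl_error_log above means the certificate and the private key handed to Apache do not belong together, and the passphrase prompt comes from an encrypted key file. The script below checks both before a restart, and also whether an unencrypted key is readable only by its owner. Function names are hypothetical, file names are whatever you pass in, and GNU stat is assumed.

```shell
#!/bin/bash
# Added example (not from the thread). Function names are hypothetical.

# 0 if the PEM key is passphrase-protected (httpd will prompt at start-up).
# Matches "Proc-Type: 4,ENCRYPTED" and "BEGIN ENCRYPTED PRIVATE KEY".
key_is_encrypted() { grep -q 'ENCRYPTED' "$1" 2>/dev/null; }

# Public key (PEM) derived from a private key. An encrypted key with no
# passphrase supplied is refused up front so openssl never stops to prompt.
pub_from_key() {
    if key_is_encrypted "$1" && [ -z "${2:-}" ]; then return 2; fi
    openssl pkey -in "$1" -passin "pass:${2:-}" -pubout 2>/dev/null
}

# Public key (PEM) embedded in a certificate.
pub_from_cert() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }

# 0 = key and certificate belong together; 1 = mismatch (what mod_ssl logs
# as "key values mismatch"); 2 = unreadable file or wrong/missing passphrase.
key_matches_cert() {
    kmc_key=$(pub_from_key "$1" "${3:-}") || return 2
    kmc_crt=$(pub_from_cert "$2") || return 2
    [ "$kmc_key" = "$kmc_crt" ]
}

# 0 if group and others have no access to the key file (assumes GNU stat).
key_is_private() {
    case "$(stat -c '%a' "$1")" in 0|*00) return 0 ;; *) return 1 ;; esac
}

# Usage: check_pair KEY CERT [PASSPHRASE]
check_pair() {
    cp_rc=0
    key_matches_cert "$1" "$2" "${3:-}" || cp_rc=$?
    case $cp_rc in
        0) echo "OK: $1 matches $2" ;;
        1) echo "MISMATCH: $1 is not the key for $2" ;;
        *) echo "UNREADABLE: bad path, format or passphrase" ;;
    esac
    if key_is_encrypted "$1"; then
        echo "NOTE: $1 is encrypted; httpd will ask for the passphrase"
    elif ! key_is_private "$1"; then
        echo "WARN: $1 is unencrypted and accessible beyond its owner"
    fi
    return "$cp_rc"
}

# Runs only when given arguments, e.g.: ./check.sh server.key server.crt
if [ "$#" -ge 2 ]; then check_pair "$@"; fi
```

Run it against the pair named by SSLCertificateKeyFile and SSLCertificateFile before restarting httpd; a non-zero exit status means the pair should not be deployed as it stands.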