Help answer threads with 0 replies.
Go Back > Forums > Linux Forums > Linux - Security
User Name
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.


  Search this Thread
Old 12-28-2004, 10:47 AM   #1
LQ Newbie
Registered: Feb 2004
Posts: 12

Rep: Reputation: 0
best practice - startssl on boot?

I am running apache 2.x w/ mod_ssl in RHE. A website I am running from this machine uses an encrypted page for login. On boot, just the "normal" (apachectl start) apache is set to run.

I have encrypted and passphrase-protected my private cert, so when I "apachectl startssl", I am asked for the passphrase.

Is there a way to automate the startssl at boot, or is this impossible as long as the cert is encrypted? I know that I could just take the passphrase off, but am a little reluctant to do so.


Old 12-30-2004, 06:34 PM   #2
Registered: Nov 2004
Location: Brisbane, Australia
Distribution: Fedora Core 5
Posts: 89

Rep: Reputation: 15
As long as your server is 'physically' secure, you're fine.

You should backup the private key file first.
Then you can remove the passphrase, and secure the new key file.
cp server.key server.key.original

openssl rsa -in server.key.original -out server.key

chmod 400 server.key
Old 12-30-2004, 08:17 PM   #3
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
My experience is that you'll also need to modify your apacehctl script. By just running "./apachectl start" you won't start SSL at all. You need to modify the apachectl script so that it starts SSL just by runing "./apachectl ssl". If you have any programming knowledge whatsoever, you should be able to look at apachectl and figure you what to change. There is a case statement in there that controls the action; you need to have the "start" option from one case to another. Of course, this is after you follow the directions above to remove the passphrase from the SSL cert.
Old 01-07-2005, 08:23 AM   #4
LQ Newbie
Registered: Feb 2004
Posts: 12

Original Poster
Rep: Reputation: 0


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
apachectl startssl error message harlow400 Linux - Software 2 03-01-2004 02:31 AM
slack 9.0 apachectl startssl doesn't work harlow400 Linux - Software 4 02-29-2004 09:03 PM
apachectl startssl doesn't work on SuSE 9.0 ahargrove Linux - Software 3 02-16-2004 11:02 PM
couldn't find startssl option in apahcectl ybc Linux - General 2 04-16-2003 12:23 AM
startssl segfaults :'( chr15t0 Linux - Software 7 01-21-2003 03:59 AM > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 11:51 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration