LinuxQuestions.org


DropHit 11-24-2004 05:49 PM

Start apache with the pass phrase
 
When I restart Apache I am prompted for a pass phrase. This is due to my cert being pass-phrase protected. How and where do I provide this pass phrase in my Apache startup file so that it will not prompt me and will start normally when the server is rebooted?

My apache start file

#!/bin/bash
#
# Startup script for the Apache Web Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve \
# HTML files and CGI.
# processname: httpd
# pidfile: /var/run/httpd.pid
# config: /etc/httpd/conf/access.conf
# config: /etc/httpd/conf/httpd.conf
# config: /etc/httpd/conf/srm.conf

# Source function library.
. /etc/rc.d/init.d/functions

# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""

# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/sbin/apachectl
httpd=/usr/sbin/httpd
prog=httpd
RETVAL=0

# Find the installed modules and convert their names into arguments httpd
# can use.
moduleargs() {
    moduledir=/usr/lib/apache
    moduleargs=`
    /usr/bin/find ${moduledir} -type f -perm -0100 -name "*.so" | env -i tr '[:lower:]' '[:upper:]' | awk '{\
    gsub(/.*\//,"");\
    gsub(/^MOD_/,"");\
    gsub(/^LIB/,"");\
    gsub(/\.SO$/,"");\
    print "-DHAVE_" $0}'`
    echo ${moduleargs}
}

# The semantics of these two functions differ from the way apachectl does
# things -- attempting to start while running is a failure, and shutdown
# when not running is also a failure. So we just do it the way init scripts
# are expected to behave here.
start() {
    echo -n $"Starting $prog: "
    daemon $httpd `moduleargs` $OPTIONS
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && touch /var/lock/subsys/httpd
    return $RETVAL
}
stop() {
    echo -n $"Stopping $prog: "
    killproc $httpd
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f /var/lock/subsys/httpd /var/run/httpd.pid
}
reload() {
    echo -n $"Reloading $prog: "
    killproc $httpd -HUP
    RETVAL=$?
    echo
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status $httpd
        RETVAL=$?
        ;;
    restart)
        stop
        start
        ;;
    condrestart)
        if [ -f /var/run/httpd.pid ] ; then
            stop
            start
        fi
        ;;
    reload)
        reload
        ;;
    graceful|help|configtest)
        $apachectl $@
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}"
        exit 1
esac

exit $RETVAL


Z

nukkel 11-25-2004 03:13 AM

You'll need to remove the encryption from the server's private key. First look up where it is, look for "SSLCertificateKeyFile" in your /etc/httpd/conf/httpd.conf. Let's call the keyfile <input>

Then do "openssl rsa -in <input> -out <output>"
As <output> choose a different filename. Now change the httpd.conf file so "SSLCertificateKeyFile" points to the newly created file.

Note that, if this private key is stolen, your server is no longer secure, since the key is now no longer protected by a passphrase!

greets
nukkel

bathory 11-25-2004 03:58 AM

In your httpd.conf add or edit the line:
Code:

SSLPassPhraseDialog exec:/path/to/passphrase-file

Create a passphrase-file at the above dir like this:
Code:

#!/sbin/sh
echo "passphrase"


DropHit 11-26-2004 11:50 AM

Not sure
 
Not sure what that last line means; I just get an echo from that...

Can I just create a file and put the passphrase in it?

OK, I tried the above and got an error; it basically did not work. Does the passphrase need to be a certain kind of file, or have a specific formatting?

Z

bathory 11-27-2004 08:06 AM

Yes, create a file, for example in /etc/httpd/conf, named passphrase. Inside that file put the 2 lines of code and make it executable.
Code:

chmod +x /etc/httpd/conf/passphrase

Then check your /etc/httpd/conf/httpd.conf for the line that contains "SSLPassPhraseDialog ..."
Change it like this:
Code:

SSLPassPhraseDialog exec:/etc/httpd/conf/passphrase

If that line does not exist, create it.
What that file does is that, when apache asks for the passphrase, it runs this file and echoes the passphrase to apache to continue loading.
Stop apache and start it with ssl support:
Code:

/usr/sbin/apachectl stop
/usr/sbin/apachectl startssl
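
An added example, not part of the original thread: a shell check for the helper approach described in the post above. It reads the SSLPassPhraseDialog directive from a config file and verifies that the exec: target exists, is executable, and is closed to group and other, since that script holds the pass phrase in clear text. The function name audit_passphrase_dialog, the temporary paths and the pass phrase are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): audit the program named by
# "SSLPassPhraseDialog exec:<path>" in an Apache config file.
# Prints findings; returns 0 if there are none, 1 otherwise.
audit_passphrase_dialog() {
    conf=$1
    # Value of the last uncommented SSLPassPhraseDialog directive.
    value=$(awk 'tolower($1) == "sslpassphrasedialog" { v = $2 } END { print v }' "$conf")
    case $value in
        exec:*) helper=${value#exec:} ;;
        *) echo "INFO: no exec: helper configured (value: ${value:-none})"; return 0 ;;
    esac
    [ -f "$helper" ] || { echo "FAIL: $helper does not exist"; return 1; }
    rc=0
    # exec: runs the file and reads its stdout; a plain text file will not do.
    if [ ! -x "$helper" ]; then
        echo "FAIL: $helper is not executable"
        rc=1
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    go_bits=$(ls -ld "$helper" | cut -c5-10)
    if [ "$go_bits" != "------" ]; then
        echo "FAIL: $helper is open to group/other ($go_bits) and holds the pass phrase"
        rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $helper is executable and private to its owner"
    return "$rc"
}

# Constructed sample: a config and helper in a temp dir, first as a
# world-readable text file, then as a private executable script.
demo() {
    dir=$(mktemp -d)
    printf '#SSLPassPhraseDialog builtin\nSSLPassPhraseDialog exec:%s/passphrase\n' "$dir" > "$dir/httpd.conf"
    printf 'constructed-passphrase\n' > "$dir/passphrase"
    chmod 644 "$dir/passphrase"
    audit_passphrase_dialog "$dir/httpd.conf"
    printf '#!/bin/sh\necho "constructed-passphrase"\n' > "$dir/passphrase"
    chmod 700 "$dir/passphrase"
    audit_passphrase_dialog "$dir/httpd.conf"
    rm -rf "$dir"
}
demo
```

The first run in demo reports both failures, the second reports OK.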


DropHit 11-27-2004 09:48 AM

OK great worked
 
Yeah ok worked for me now

Thanks

Z

altmann 02-12-2010 01:53 PM

Perhaps you can help me:

My server configuration is

Apache
Suse Linux 11.1

I have a Server Certificate from a CA which I copied to
/etc/apache2/ssl.crt as server.crt (overwriting the old file)

I've got a Root CA Certificate from this Server Certificate
which is in
/etc/apache2/ssl.crt as ca.crt

and for downloading purpose also in /srv/www/htdocs as CA.crt

Furthermore, I copied my private-public-key-pair to /etc/apache2/ssl.key as s2.key

The ssl global configuration is included in the httpd.conf over the file ssl-global.conf (instruction: Include /etc/apache2/ssl-global.conf)

The ssl-global-conf configuration is encapsulated in

<Define SSL>
<Define !NOSSL>
<Module mod_ssl.c>

Inside this Encapsulation I changed:

SSLPassPhraseDialog builtin

to

SSLPassPhraseDialog exec:/etc/apache2/ssl.key/ppf

whereby ppf is a text file containing the passphrase for the private-public-key-pair, so Apache should be started without authentication input prompt.

I furthermore append inside the encapsulation

SSLVerifyClient none
SSLCACertificateFile /etc/apache2/ssl.crt/ca.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/s2.key
SSLCertificateFile /etc/apache2/ssl.crt/server.crt

<Location /secure/area>
SSLVerifyClient require
SSLVerifyDepth 1
</Location>

When I now want to restart the Server in /etc/init.d with ./apache2 restart

the following display appears:

[Fri Feb 12 20:54:59 2010] [warn] module python_module is already loaded, skipping
Syntax OK
Starting httpd2 (prefork) [Fri Feb 12 20:54:59 2010] [warn] module python_module is already loaded, skipping
failed

So Apache couldn't restart. Can you see the error, or do you know where I can look?


I would be very pleased if you could help me.

bathory 02-12-2010 03:36 PM

Hi altmann

You should not revive a 6yrs old thread. Besides it's for apache 1.3 and I guess you're using apache 2.x
Just open a new thread describing your problem and we'll be happy to help.
In the meantime I don't see any errors, just a warning about mod_python.
So check error_log and add the findings in your new thread

Regards


All times are GMT -5.