LinuxQuestions.org
Old 11-24-2004, 05:49 PM   #1
DropHit
Member
 
Registered: Oct 2003
Posts: 95

Rep: Reputation: 15
Start apache with the pass phrase


When I restart apache I am prompted for a pass phrase; this is due to my cert being pass phrase protected. How and where do I provide this pass phrase in my apache startup file so that it will not prompt me and will start normally when the server is rebooted?

My apache start file

Code:
#!/bin/bash
#
# Startup script for the Apache Web Server
#
# chkconfig: - 85 15
# description: Apache is a World Wide Web server. It is used to serve \
# HTML files and CGI.
# processname: httpd
# pidfile: /var/run/httpd.pid
# config: /etc/httpd/conf/access.conf
# config: /etc/httpd/conf/httpd.conf
# config: /etc/httpd/conf/srm.conf

# Source function library.
. /etc/rc.d/init.d/functions

# This will prevent initlog from swallowing up a pass-phrase prompt if
# mod_ssl needs a pass-phrase from the user.
INITLOG_ARGS=""

# Path to the apachectl script, server binary, and short-form for messages.
apachectl=/usr/sbin/apachectl
httpd=/usr/sbin/httpd
prog=httpd
RETVAL=0

# Find the installed modules and convert their names into arguments httpd
# can use.
moduleargs() {
    moduledir=/usr/lib/apache
    moduleargs=`
    /usr/bin/find ${moduledir} -type f -perm -0100 -name "*.so" | env -i tr '[:lower:]' '[:upper:]' | awk '{\
        gsub(/.*\//,"");\
        gsub(/^MOD_/,"");\
        gsub(/^LIB/,"");\
        gsub(/\.SO$/,"");\
        print "-DHAVE_" $0}'`
    echo ${moduleargs}
}

# The semantics of these two functions differ from the way apachectl does
# things -- attempting to start while running is a failure, and shutdown
# when not running is also a failure. So we just do it the way init scripts
# are expected to behave here.
start() {
    echo -n $"Starting $prog: "
    daemon $httpd `moduleargs` $OPTIONS
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && touch /var/lock/subsys/httpd
    return $RETVAL
}
stop() {
    echo -n $"Stopping $prog: "
    killproc $httpd
    RETVAL=$?
    echo
    [ $RETVAL = 0 ] && rm -f /var/lock/subsys/httpd /var/run/httpd.pid
}
reload() {
    echo -n $"Reloading $prog: "
    killproc $httpd -HUP
    RETVAL=$?
    echo
}

# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    status)
        status $httpd
        RETVAL=$?
        ;;
    restart)
        stop
        start
        ;;
    condrestart)
        if [ -f /var/run/httpd.pid ] ; then
            stop
            start
        fi
        ;;
    reload)
        reload
        ;;
    graceful|help|configtest)
        $apachectl $@
        RETVAL=$?
        ;;
    *)
        echo $"Usage: $prog {start|stop|restart|condrestart|reload|status|fullstatus|graceful|help|configtest}"
        exit 1
esac

exit $RETVAL


Z
 
Old 11-25-2004, 03:13 AM   #2
nukkel
Member
 
Registered: Mar 2003
Location: Belgium
Distribution: Hardened gentoo
Posts: 323

Rep: Reputation: 30
You'll need to remove the encryption from the server's private key. First look up where it is, look for "SSLCertificateKeyFile" in your /etc/httpd/conf/httpd.conf. Let's call the keyfile <input>

Then do "openssl rsa -in <input> -out <output>"
As <output> choose a different filename. Now change the httpd.conf file so "SSLCertificateKeyFile" points to the newly created file.

Note that, if this private key is stolen, your server is no longer secure, since the key is now no longer protected by a passphrase!

greets
nukkel
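
The step described in the post above, as an added example that is not part of the original post: it writes the decrypted key under a restrictive umask so that file permissions, now the key's only protection, are in place from the moment the file exists. The function names and the optional third argument (an openssl `-passin` source such as `file:/root/pp`) are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): remove the pass phrase from an RSA key
# without ever leaving the decrypted copy readable by other users.

# True if the PEM file is pass-phrase protected (traditional or PKCS#8 header).
key_is_encrypted() {
    grep -Eq '^(-----BEGIN ENCRYPTED PRIVATE KEY-----|Proc-Type: 4,ENCRYPTED)' "$1"
}

# strip_passphrase IN OUT [PASSIN]
# Without PASSIN, openssl prompts for the pass phrase as in the post.
strip_passphrase() {
    in=$1; out=$2; passin=$3
    [ "$in" != "$out" ] || { echo "output must be a different file" >&2; return 1; }
    [ ! -e "$out" ] || { echo "$out exists, refusing to overwrite" >&2; return 1; }
    (
        umask 077    # the new file is created owner-only, never briefly world-readable
        if [ -n "$passin" ]; then
            openssl rsa -in "$in" -passin "$passin" -out "$out"
        else
            openssl rsa -in "$in" -out "$out"
        fi
    ) || { rm -f "$out"; return 1; }    # wrong pass phrase: leave nothing behind
    chmod 400 "$out"
    # Confirm the result really is unprotected before pointing Apache at it.
    if key_is_encrypted "$out"; then
        echo "$out is still encrypted" >&2
        return 1
    fi
}

# Run as: sh strip.sh /path/to/encrypted.key /path/to/new.key
if [ "$#" -ge 2 ]; then
    strip_passphrase "$@"
fi
```

Keep the original encrypted key as the offline backup; only the new file needs to sit where SSLCertificateKeyFile points.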
 
Old 11-25-2004, 03:58 AM   #3
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,821

Rep: Reputation: 1591
In your httpd.conf add or edit the line:
Code:
SSLPassPhraseDialog exec:/path/to/passphrase-file
Create a passphrase-file at the above dir like this:
Code:
#!/bin/sh
echo "passphrase"
 
Old 11-26-2004, 11:50 AM   #4
DropHit
Member
 
Registered: Oct 2003
Posts: 95

Original Poster
Rep: Reputation: 15
Not sure

Not sure what that last line means, I just get an echo from that...

Can I just create a file and put the passphrase in it?

Ok, I tried the above and got an error, it basically did not work. Does the passphrase need to be a certain kind of file, or have a specific formatting?

Z

Last edited by DropHit; 11-26-2004 at 12:04 PM.
 
Old 11-27-2004, 08:06 AM   #5
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,821

Rep: Reputation: 1591
Yes, create a file, for example in /etc/httpd/conf, named passphrase. Inside that file put the 2 lines of code and make it executable.
Code:
chmod +x /etc/httpd/conf/passphrase
Then check your /etc/httpd/conf/httpd.conf for the line that contains "SSLPassPhraseDialog ..."
Change it like this:
Code:
SSLPassPhraseDialog exec:/etc/httpd/conf/passphrase
If that line does not exist, create it.
What that file does is that, when apache asks for the passphrase, it runs this file, which echoes the passphrase to apache so it can continue loading.
Stop apache and start it with ssl support:
Code:
/usr/sbin/apachectl stop
/usr/sbin/apachectl startssl
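
A check for the setup described in the post above, as an added example that is not part of the original post: a helper that echoes the pass phrase leaves the key only as safe as that file's permissions, and `exec:` needs a program it can run rather than a plain text file. The function names and the constructed sample files are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the thread): audit the "SSLPassPhraseDialog exec:" helper.

# Print the program path given after "exec:" in an Apache config file.
dialog_helper() {
    sed -n 's/^[[:space:]]*SSLPassPhraseDialog[[:space:]]\{1,\}exec:\([^[:space:]]*\).*$/\1/p' "$1" | tail -n 1
}

# Succeed only if the helper exists, is executable, and is closed to group/other.
audit_helper() {
    helper=$(dialog_helper "$1")
    [ -n "$helper" ] || { echo "no exec: helper configured"; return 1; }
    [ -f "$helper" ] || { echo "$helper: missing"; return 1; }
    # exec: runs the file and reads its stdout; a plain text file will not do.
    [ -x "$helper" ] || { echo "$helper: not executable"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$helper" | cut -c5-10)
    [ "$bits" = "------" ] || { echo "$helper: open to group/other ($bits)"; return 1; }
    echo "$helper: ok"
}

# Constructed demo: the same helper under three permission settings.
demo() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/sh\necho "constructed-example-phrase"\n' > "$d/passphrase"
    printf 'SSLPassPhraseDialog exec:%s\n' "$d/passphrase" > "$d/httpd.conf"
    for mode in 600 755 700; do
        chmod "$mode" "$d/passphrase"
        audit_helper "$d/httpd.conf" || true
    done
    rm -rf "$d"
}
demo
```

On a real server also confirm that the helper and its directory are owned by root; that check is left out so the demo runs unprivileged.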
 
Old 11-27-2004, 09:48 AM   #6
DropHit
Member
 
Registered: Oct 2003
Posts: 95

Original Poster
Rep: Reputation: 15
OK great worked

Yeah ok worked for me now

Thanks

Z
 
Old 02-12-2010, 01:53 PM   #7
altmann
LQ Newbie
 
Registered: Feb 2010
Posts: 3

Rep: Reputation: 0
Perhaps you can help me:

My server configuration is

Apache
Suse Linux 11.1

I have a Server Certificate from a CA which I copied to
/etc/apache2/ssl.crt as server.crt (overwriting the old file)

I have got a Root CA Certificate from this Server Certificate
which is in
/etc/apache2/ssl.crt as ca.crt

and for downloading purpose also in /srv/www/htdocs as CA.crt

Furthermore, I copied my private-public-key-pair to /etc/apache2/ssl.key as s2.key

The ssl global configuration is included in the httpd.conf over the file ssl-global.conf (instruction: Include /etc/apache2/ssl-global.conf)

The ssl-global-conf configuration is encapsulated in

<Define SSL>
<Define !NOSSL>
<Module mod_ssl.c>

Inside this Encapsulation I changed:

SSLPassPhraseDialog builtin

to

SSLPassPhraseDialog exec:/etc/apache2/ssl.key/ppf

whereby ppf is a textfile containing the passphrase for the private-public-key-pair, so Apache should be started without authentication input prompt.

I furthermore append inside the encapsulation

SSLVerifyClient none
SSLCACertificateFile /etc/apache2/ssl.crt/ca.crt
SSLCertificateKeyFile /etc/apache2/ssl.key/s2.key
SSLCertificateFile /etc/apache2/ssl.crt/server.crt

<Location /secure/area>
SSLVerifyClient require
SSLVerifyDepth 1
</Location>

When I now want to restart the Server in /etc/init.d with ./apache2 restart

the following display appears:

[Fri Feb 12 20:54:59 2010] [warn] module python_module is already loaded, skipping
Syntax OK
Starting httpd2 (prefork) [Fri Feb 12 20:54:59 2010] [warn] module python_module is already loaded, skipping
failed

So Apache couldn't restart. Can you see the error, or do you know where I can look?


I would be very pleased if you could help me
 
Old 02-12-2010, 03:36 PM   #8
bathory
LQ Guru
 
Registered: Jun 2004
Location: Piraeus
Distribution: Slackware
Posts: 11,821

Rep: Reputation: 1591
Hi altmann

You should not revive a 6yrs old thread. Besides it's for apache 1.3 and I guess you're using apache 2.x
Just open a new thread describing your problem and we'll be happy to help.
In the meantime I don't see any errors, just a warning about mod_python.
So check error_log and add the findings in your new thread

Regards
 
  

