Red Hat Knowledgebase

Article Reference

Article ID: 5447
Last update: 05-04-05
Issue:
When Apache is configured for SSL encryption, it asks for the passphrase each time the service is started. How can I configure Apache so that this passphrase is not required at startup?
Resolution:
Release Found: Red Hat Enterprise Linux 3 and 4

Symptom:
When Apache is configured for SSL encryption, the passphrase for the encrypted key is required each time the service is started.

Solution:

Apache requires the passphrase to decrypt the private key at startup. Keeping the key encrypted is the most secure method. However, it can be a nuisance, since you are prompted for the passphrase each time the service is started (for example, each time the server is rebooted). The prompt can be avoided by storing the key in decrypted form.

Note: Encrypting the private key is very important. If a hacker obtains your unencrypted key, they can impersonate your web server from any location. Thus, if you do decide to decrypt the key to avoid the passphrase, make sure the system is secure and that only root can access the file.

By default, the private key is located in the directory /etc/httpd/conf/ssl.key/. To decrypt the key, first make a backup copy of the encrypted key. For example:

# cd /etc/httpd/conf/ssl.key
# cp myserver.key myserver.key.encrypted

The following command will rewrite the private key without encryption. You will be prompted for the passphrase to decrypt the key:

# openssl rsa -in myserver.key.encrypted -out myserver.key

One way to secure the decrypted key is to ensure it is readable only by root:

# chmod 400 myserver.key
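
To confirm the result of the steps above, the following added example (not part of the original article) reports whether a PEM key file is still passphrase-protected and, if it is not, whether its ownership and mode restrict it to root. The function names are hypothetical, and it assumes GNU stat as shipped on Red Hat Enterprise Linux.

```shell
#!/bin/sh
# Added example: audit a PEM private key after removing its passphrase.
# Function names are illustrative and do not come from the article.

# Return 0 if the PEM file holds a passphrase-protected key.
# Traditional keys carry a "Proc-Type: 4,ENCRYPTED" header;
# PKCS#8 keys use a "BEGIN ENCRYPTED PRIVATE KEY" marker.
key_is_encrypted() {
    grep -Eq -e '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# Return 0 if the file is owned by the expected uid (default 0, root)
# and grants no permission bits to group or other (e.g. 400 or 600).
key_perms_ok() {
    kp_uid=$(stat -c '%u' "$1") || return 2
    kp_mode=$(stat -c '%a' "$1") || return 2
    [ "$kp_uid" = "${2:-0}" ] || return 1
    case $kp_mode in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# Print a short report. Return 1 only for the risky combination:
# an unencrypted key that someone other than the owner can reach.
audit_key() {
    ak_file=$1
    ak_uid=${2:-0}
    if key_is_encrypted "$ak_file"; then
        echo "$ak_file: encrypted (passphrase required at startup)"
        return 0
    fi
    echo "$ak_file: not encrypted"
    if key_perms_ok "$ak_file" "$ak_uid"; then
        echo "$ak_file: owner uid $ak_uid only, no group/other access"
        return 0
    fi
    echo "$ak_file: WARNING unencrypted key with loose owner or mode"
    return 1
}

# Usage: sh audit_key.sh /etc/httpd/conf/ssl.key/myserver.key
if [ "$#" -gt 0 ]; then
    audit_key "$@"
fi
```
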

