[CLUE-Tech] SSL key question
ockers at ockers.net
ockers at ockers.net
Wed Jan 31 15:50:38 MST 2001
> Is there a way to make an SSL key that does not need a password? When I
> start up Apache with mod_ssl support I get prompted for my passphrase
> which makes it hard to just have the server startup on boot. Is there a
> way to fix this and where can I read more about it?
I haven't been watching the lists lately but I read this one for some reason.
I don't know where this information came from, but I've found it useful so that
I don't have to interactively log in to a server if it is rebooted just to get
the SSL web server running again.
If you want to remove the passphrase from a key you can simply use the
following command:
ssleay rsa -in key1.pem -out key2.pem
You will be prompted for your passphrase and the output file will not be
encrypted (as you didn't include any of the encryption
options (-des/-des3/-idea).
You can then use key2.pem where you currently use key1.pem.
If you use openssl I'm sure the command syntax is very similar. The passphrase
is needed to unlock the (encrypted) key in the first place, but that is the
last time you would need to enter it.
The passphrase is on the private key to try to give it a small measure of
security in case it is ever stolen; without the password, anyone who
compromises the filesystem security of your machine can immediately decrypt all
traffic that you think is secure.
Hope this helps.
Jim
---------------------------------------------
This message was sent using Endymion MailMan.
http://www.endymion.com/products/mailman/
More information about the clue-tech
mailing list