Re: SSL pass phrase

On Tue, 16 Oct 2007, William A. Rowe, Jr. wrote:

Aaron Dalton wrote:

AFAIK there is no way around this. If you do not want Apache to wait for a pass phrase, you have to strip the private key of encryption. This of course has multiple security problems, but I'm afraid those are your only options that I am aware of.

$ openssl rsa -in encryptedkey.pem -out strippedkey.pem

Of course providing a passphrase response program introduces just as many
(if not more) security problems.  Your best bet is to make certain that
strippedkey.pem is previously touch'ed, chmod'ded 600 and owned by root
before you invoke the command, above.


Many Unixes (such as FreeBSD) allow you to chmod 000 a file and root can still access and modify it. It works on my box anyway.

--
Aaron Dalton
http://perlkonig.com
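
The precaution discussed in the thread (have strippedkey.pem exist with restrictive permissions before the key is written into it), as an added shell example that is not part of the original messages. The function names are hypothetical, the owner is compared by numeric uid (0 for root by default), and the check accepts any mode with no group or other access, which covers the chmod 000 case as well.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical;
# the key file names in the usage line are the ones used in the thread.

# Create the output file with mode 600 before any key material is written.
prepare_key_file() {
    dst=$1
    # Refuse symlinks: writing through one would place the key elsewhere.
    if [ -L "$dst" ]; then
        echo "refusing: $dst is a symlink" >&2
        return 1
    fi
    # umask 077 in a subshell: a newly created file is never group- or
    # world-readable, and the caller's umask is left untouched.
    ( umask 077 && touch -- "$dst" && chmod 600 -- "$dst" )
}

# Succeed only if the file is a regular file, grants nothing to group or
# other, and is owned by the expected numeric uid (default 0, i.e. root).
check_key_file() {
    f=$1
    want_uid=${2:-0}
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    mode=$(ls -ldn -- "$f" | awk '{print $1}' | cut -c1-10)
    owner_uid=$(ls -ldn -- "$f" | awk '{print $3}')
    case "$mode" in
        -???------) ;;          # 600, 400 and 000 all pass
        *) return 1 ;;
    esac
    [ "$owner_uid" = "$want_uid" ]
}

# Strip the pass phrase into the prepared file, then verify the result
# instead of assuming the permissions survived.
strip_key() {
    src=$1
    dst=$2
    prepare_key_file "$dst" || return 1
    openssl rsa -in "$src" -out "$dst" || return 1
    check_key_file "$dst" "$(id -u)"
}

# Usage, run as root:  strip_key encryptedkey.pem strippedkey.pem
```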

