httpd-users mailing list archives

From Aaron Dalton
Subject Re: [users@httpd] SSL pass phrase
Date Tue, 16 Oct 2007 21:49:46 GMT
On Tue, 16 Oct 2007, William A. Rowe, Jr. wrote:

> Aaron Dalton wrote:
>> AFAIK there is no way around this.  If you do not want Apache to wait for a 
>> pass phrase, you have to strip the private key of encryption.  This of 
>> course has multiple security problems, but I'm afraid those are your only 
>> options that I am aware of.
>> $ openssl rsa -in encryptedkey.pem -out strippedkey.pem
> Of course providing a passphrase response program introduces just as many
> (if not more) security problems.  Your best bet is to make certain that
> strippedkey.pem is previously touch'ed, chmod'ded 600 and owned by root
> before you invoke the command, above.

Many Unixes (such as FreeBSD) allow you to chmod 000 a file and root can 
still access and modify it.  It works on my box anyway.

Aaron Dalton
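
An added example, not part of the original thread: a shell sketch of the advice quoted above, creating strippedkey.pem empty with mode 600 before openssl writes the unencrypted key into it. The function names are hypothetical, and refusing symlinks and pre-existing files is an extra precaution assumed here, not something the thread asks for.

```shell
#!/bin/sh
# Added example (not from the thread). Run as root so the resulting file is
# root-owned, as the quoted advice requires.

# prepare_key_file PATH: create PATH as an empty file with mode 600, or fail.
prepare_key_file() {
    dest=$1
    # Refuse symlinks: writing through one could place the key elsewhere.
    if [ -L "$dest" ]; then
        echo "refusing: $dest is a symlink" >&2
        return 1
    fi
    # Refuse an existing file (assumption: stricter than a plain touch).
    if [ -e "$dest" ]; then
        echo "refusing: $dest already exists" >&2
        return 1
    fi
    # umask 077 in a subshell: the file is created without group/other bits.
    # set -C (noclobber) makes creation fail if the file appears in between.
    ( umask 077; set -C; : > "$dest" ) 2>/dev/null || return 1
    chmod 600 "$dest" || return 1
    # Confirm the mode before any key material is written.
    mode=$(ls -ld "$dest" | cut -c1-10)
    [ "$mode" = "-rw-------" ]
}

# strip_passphrase IN OUT: the thread's openssl command, run only after OUT
# has been prepared. openssl prompts for the pass phrase on the terminal.
strip_passphrase() {
    prepare_key_file "$2" || return 1
    openssl rsa -in "$1" -out "$2"
}

# Usage (as root): strip_passphrase encryptedkey.pem strippedkey.pem
```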
