Can I skip the PEM pass phrase question when I restart the webserver?

93,043

Solution 1

As suggested, I asked the question on ServerFault: https://serverfault.com/questions/161768/restart-webserver-without-entering-a-password

But the short answer is:

Backup your key:

> cp server.key server.key.org

Strip out the password:

> openssl rsa -in server.key.org -out server.key

[enter the passphrase]

The newly created server.key file has no more passphrase in it and the webservers start without needing a password.

Another option is to use Apache's SSLPassPhraseDialog option to automatically answer the SSL pass phrase question.

Disclaimer: If the private key is no longer encrypted, it is critical that this file only be readable by the root user! If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked.
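The disclaimer above is the part most people skip: once the pass phrase is stripped, the only thing protecting the key is the file's ownership and mode. The following is an added audit script, not code from either answer or from the linked ServerFault thread, that checks a key file for the two conditions Solution 1 describes: whether the PEM still carries a pass phrase (detected from the `Proc-Type: 4,ENCRYPTED` header of traditional OpenSSL keys, or the `ENCRYPTED PRIVATE KEY` block label of PKCS#8 keys) and whether it is readable by anyone other than its owner. The PEM bodies are constructed placeholders, not real keys, and the demo audits against the current user's uid (an assumption so it runs unprivileged); in production you would pass `expected_uid=0` and point it at the real `server.key`.

```python
import os
import re
import stat
import tempfile

# Markers that mean the private key still needs a pass phrase.
# Traditional OpenSSL format ("BEGIN RSA PRIVATE KEY") carries a Proc-Type
# header; PKCS#8 instead labels the whole block "ENCRYPTED PRIVATE KEY".
_PROC_TYPE_ENCRYPTED = re.compile(r"^Proc-Type:\s*4,ENCRYPTED\s*$", re.M)
_PKCS8_ENCRYPTED = "-----BEGIN ENCRYPTED PRIVATE KEY-----"

# Constructed sample PEM files (placeholder base64, NOT real key material).
ENCRYPTED_PEM = """-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-256-CBC,0123456789ABCDEF0123456789ABCDEF

cGxhY2Vob2xkZXIga2V5IGJ5dGVzIChub3QgYSByZWFsIGtleSk=
-----END RSA PRIVATE KEY-----
"""

PLAIN_PEM = """-----BEGIN RSA PRIVATE KEY-----
cGxhY2Vob2xkZXIga2V5IGJ5dGVzIChub3QgYSByZWFsIGtleSk=
-----END RSA PRIVATE KEY-----
"""


def pem_is_encrypted(pem_text: str) -> bool:
    """True if the PEM block is pass-phrase protected (either encoding)."""
    return bool(_PROC_TYPE_ENCRYPTED.search(pem_text)) or _PKCS8_ENCRYPTED in pem_text


def key_file_findings(path: str, expected_uid: int = 0) -> list:
    """Audit a private key file. Returns a list of findings; empty means OK.

    Findings:
      'encrypted'               - the web server will prompt for a pass phrase
      'group_or_world_readable' - mode grants any group/other permission bit
      'wrong_owner'             - file is not owned by expected_uid (root by default)
    """
    findings = []
    with open(path, "r", encoding="ascii") as fh:
        if pem_is_encrypted(fh.read()):
            findings.append("encrypted")
    st = os.stat(path)
    # Any group or other bit (read, write or execute) is too permissive
    # for an unencrypted key; 0600 is the target.
    if st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("group_or_world_readable")
    if st.st_uid != expected_uid:
        findings.append("wrong_owner")
    return findings


def demo() -> dict:
    """Write the constructed keys with different modes and audit each.

    Uses the current uid as the expected owner (assumption: run unprivileged).
    """
    me = os.getuid()
    results = {}
    with tempfile.TemporaryDirectory() as d:
        cases = (
            ("encrypted_0600", ENCRYPTED_PEM, 0o600),  # still prompts on restart
            ("plain_0644", PLAIN_PEM, 0o644),          # stripped but world-readable
            ("plain_0600", PLAIN_PEM, 0o600),          # stripped and locked down
        )
        for name, text, mode in cases:
            path = os.path.join(d, name + ".key")
            with open(path, "w", encoding="ascii") as fh:
                fh.write(text)
            os.chmod(path, mode)  # explicit chmod so umask does not matter
            results[name] = key_file_findings(path, expected_uid=me)
    return results


if __name__ == "__main__":
    for name, findings in demo().items():
        print(f"{name}: {findings or 'OK'}")
```

Running it prints one line per sample: the encrypted key is flagged `encrypted`, the stripped 0644 key is flagged `group_or_world_readable`, and the stripped 0600 key passes. Run against a real deployment, `key_file_findings("/path/to/server.key")` with the default `expected_uid=0` is the check to put in a config-management or CI step after applying the `openssl rsa` command from Solution 1.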

Solution 2

Yes, this is a common thing to do. If the pass phrase were stored on disk, an attacker could take over the certificate.

Of course you could remove the pass phrase from the certificate, but I would not recommend that! Also, other technical solutions exist with external peripherals.


Author: Tom

Updated on September 17, 2022

Comments

  • Tom
    Tom over 1 year

    After buying a multi-domain SSL certificate I have started testing it with the Nginx webserver (following documentation in their SSL wiki page).

    Everything is fine, it works and I get a green padlock symbol in the URL bar but... every time I restart Nginx I get asked the following question (once for each server, e.g. 5 times):

    Starting nginx: Enter PEM pass phrase:

    Is this normal and what many other people do? Or can I configure it so the password is remembered?

    In particular, this is an issue when the machine is rebooted because the webserver won't start until the PEM pass phrase is entered (meaning the website has downtime until there is some human interaction).

    • Admin
      Admin almost 14 years
      You will probably get much better answers for this on serverfault.com