Restart webserver without entering a password?

Solution 1

See Warner's Answer to almost the exact same question a day or two ago.

Solution 2

Answering each question in turn:

1) Is there a way to automatically provide the PEM pass phrase when the webserver is restarted?

Apache has the SSLPassPhraseDialog to automatically answer the SSL pass phrase question.

2) Do I have to get the SSL certificate re-issued using a key where the pass phrase has been removed?

The pass phrase can be removed from the key without needing to get the certificate re-issued. The key is your secret and you can do anything you want with it, including making it unsecure:

> cp server.key server.key.org
> openssl rsa -in server.key.org -out server.key
[enter the passphrase]

3) If I remove the pass phrase, what are the security implications? Is it anything to worry about?

Yes, if the private key is no longer encrypted, it is critical that this file only be readable by the root user. If your system is ever compromised and a third party obtains your unencrypted private key, the corresponding certificate will need to be revoked immediately or the attacker could put up a website pretending to be yours.
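
A check for the file-permission point in the answer above, added here as an example and not part of the original answer: it reports whether a PEM key is still passphrase-protected and whether anyone other than its owner can access it. The function names, verdict strings and sample files are constructed for illustration, and the demo uses the current user as a stand-in for root.

```shell
#!/bin/sh
# Added example: audit a PEM private key for passphrase protection and exposure.
# audit_key FILE [OWNER] prints a verdict; OWNER defaults to root (the answer's rule).

key_is_encrypted() {
    # Traditional PEM marks encryption with "Proc-Type: 4,ENCRYPTED";
    # PKCS#8 uses the "BEGIN ENCRYPTED PRIVATE KEY" header instead.
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

audit_key() {
    f=$1; want_owner=${2:-root}
    [ -f "$f" ] || { echo "missing"; return 2; }
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$f" || { echo "not-a-key"; return 2; }
    listing=$(ls -ld -- "$f")
    other=$(printf '%s\n' "$listing" | cut -c5-10)    # group and other permission bits
    owner=$(printf '%s\n' "$listing" | awk '{print $3}')
    if key_is_encrypted "$f"; then state=encrypted; else state=plaintext; fi
    [ "$other" = "------" ] || { echo "$state-exposed-mode"; return 1; }
    [ "$owner" = "$want_owner" ] || { echo "$state-wrong-owner"; return 1; }
    echo "ok-$state"
}

# Constructed sample files: real PEM headers, placeholder bodies (no key material).
write_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: AES-256-CBC,00000000000000000000000000000000' '' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' > "$1/server.key.org"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' \
        '-----END RSA PRIVATE KEY-----' > "$1/server.key"
    chmod 600 "$1/server.key.org"
    chmod 644 "$1/server.key"       # the mistake to catch: world-readable plaintext key
}

demo() {
    d=$(mktemp -d) || return 1
    write_samples "$d"
    me=$(ls -ld -- "$d/server.key" | awk '{print $3}')   # stand-in for root in this demo
    for k in server.key.org server.key; do
        printf '%s: %s\n' "$k" "$(audit_key "$d/$k" "$me")"
    done
    rm -rf "$d"
}
demo
```

On a real server, run `audit_key` against the key path named in the web server configuration and leave the owner argument at its default of root.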


Author: Tom

Updated on September 17, 2022

Comments

  • Tom

    Possible Duplicate:
    stop apache from asking for SSL password each restart

    When I created my SSL certificate I used a pass phrase in the key. Whenever I restart my web server (Apache or Nginx) they ask for a password:

    Apache:

    Some of your private key files are encrypted for security reasons. In order to read them you have to provide the pass phrases.

    Server www.example:443 (RSA)

    Enter pass phrase:

    Nginx:

    Starting nginx: Enter PEM pass phrase:

    Entering the password each time is fast getting annoying and I'm worried about downtime when the machine is next rebooted.

    Is there a way to automatically provide the PEM pass phrase when the webserver is restarted? Or do I have to get the SSL certificate re-issued using a key where the pass phrase has been removed?

    If I remove the pass phrase, what are the security implications? Is it anything to worry about?