So I have a server with an SSL cert. It requires a passphrase every time I restart. This is slightly annoying. So one of my coworkers recommended the following:
- create a simple perl script that prints the password
- in the ssl.conf file change SSLPassPhraseDialog builtin to SSLPassPhraseDialog exec:/location/to/passphrase.pl
- restart apache
It works beautifully. I am of course writing this down because I will forget what he told me in like 5 minutes.
My other co-worker pointed me to: http://www.madboa.com/geek/openssl/#key-removepass so I can get rid of it all together.
Still useful to know the other thing (like in the event of a scheduled power outage…I don’t want someone to have extra work but I still want to keep the SSL password)
I’m not sure there’s any benefit to keeping the password, if you’re just going to put it in plaintext in a perl script anyway. What’s the benefit of not just turning off the need for a password?
well my benefit is that the power is going out over the weekend and i want it to be down for as l
well my benefit is that the power is going out over the weekend and i want it to be down for as little as possible. after that weekend i removed the script. basically its laziness. but i have doubts as to how important the password is anyway.
so the only thing its protecting is apache right? but if you’re restarting apache you’re probably on the server, at which point i’m screwed. so yeah…i don’t know what the point of that password is, unless there is something i’m unaware of with the SSL cert and the company that provides it. i don’t get ssl anyway so i’m the wrong person to ask about such things.