apache:use_password_protected_certificates
Differences
This shows you the differences between two versions of the page.
| Both sides previous revisionPrevious revision | |||
| apache:use_password_protected_certificates [2020/07/15 09:30] – external edit 127.0.0.1 | apache:use_password_protected_certificates [2023/07/17 11:06] (current) – removed peter | ||
|---|---|---|---|
| Line 1: | Line 1: | ||
| - | ====== Apache - Use password protected certificates ====== | ||
| - | |||
| - | A lot of people remove the passphrase from their own key files because it's the simplest solution, but security-wise, | ||
| - | |||
| - | An alternative is to feed the passphrase to Apache. You can do this with the **SSLPassPhraseDialog** option in the httpd.conf (or another file that it includes). | ||
| - | |||
| - | If you only have one SSL site on your server, the simplest form of this would be: | ||
| - | |||
| - | <file bash / | ||
| - | # either of these will work | ||
| - | SSLPassPhraseDialog |/ | ||
| - | SSLPassPhraseDialog exec:/ | ||
| - | </ | ||
| - | |||
| - | |||
| - | You would then create a very simple script called **/ | ||
| - | |||
| - | <file bash / | ||
| - | #!/bin/sh | ||
| - | echo "put the passphrase here" | ||
| - | </ | ||
| - | |||
| - | <WRAP warning> | ||
| - | **WARNING**: | ||
| - | </ | ||
| - | |||
| - | When starting up, Apache will take the output of this script and use it as the passphrase for the SSL key. If you have multiple SSL sites, **SSLPassPhraseDialog** has additional ways in which it can be used, so you can either have a single script for all of your keys, or a separate script for each, or however you want to do it. | ||
apache/use_password_protected_certificates.1594805433.txt.gz · Last modified: 2020/07/15 09:30 by 127.0.0.1