Stephan, Ok - I tried this and here is what I got:
[r...@web-prod3 ssl.key]# openssl rsa -in hi.sonburst.key.org -out hi.sonburst.com Enter pass phrase for hi.sonburst.key.org: 8060:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:847:You must type in 4 to 8191 characters Enter pass phrase for hi.sonburst.key.org: 8060:error:28069065:lib(40):UI_set_result:result too small:ui_lib.c:847:You must type in 4 to 8191 characters Enter pass phrase for hi.sonburst.key.org: writing RSA key [r...@web-prod3 ssl.key]# chmod 0400 hi.sonburst.key [r...@web-prod3 ssl.key]# I had to type in the password to get by it. I have no idea if the process worked. I now have a new key though. Should I copy back the old key? -Mark -----Original Message----- From: Stefan Gudmundsson [mailto:[email protected]] Sent: Friday, January 15, 2010 8:50 AM To: cf-linux Subject: Re: Cert and pass phrase You can make apache load the key without passphrase. Make a copy of the key, to keep the original intact: # cp mykey.key mykey.key.org Then do: # openssl rsa -in mykey.key.org -out mykey.key # chmod 0400 mykey.key / Stefan G >Tom, > >Ok... Thanks... I'll give one of those a shot. > > >Mark A. Kruger, CFG, MCSE >(402) 408-3733 ext 105 >www.cfwebtools.com >www.coldfusionmuse.com >www.necfug.com > > >> Ok... so I was so proud that I figured out how to renew a cert on >> Linux - but now everytime I restart apache it asks for a passphrase >> for >that cert. >> Any ideas how to fix that? > >You mean for SSL ? You shouldn't have created your private key with a >password :-) > >I.e. when >#openssl genrsa -des3 -rand file1:file2:file3:file4:file5 -out >server.key >1024 asked for one, just press enter. > >Apparently >#openssl rsa -in server.key -out server.pem should remove the pass phrase. > >You may also be able to re-generate the server keyfile and get your >certifcate authority to reissue, or I think you can have Apache call a >program to get the pass phrase, so you just need to make one that echos >it out. > >I have http://slacksite.com/apache/certificate.php bookmarked :-) > >-- >Helping to professionally generate high-end collaborative >mission-critical impactful developments as part of the IT team of the >year, '09 and '08 > >**************************************************** > >This email is sent for and on behalf of Halliwells LLP. > >Halliwells LLP is a limited liability partnership registered in England >and Wales under registered number OC307980 whose registered office >address is at Halliwells LLP, 3 Hardman Square, Spinningfields, >Manchester, M3 3EB. A list of members is available for inspection at >the registered office together with a list of those non members who are referred to as partners. >We use the word "partner" to refer to a member of the LLP, or an >employee or consultant with equivalent standing and qualifications. >Regulated by the Solicitors Regulation Authority. > >CONFIDENTIALITY > >This email is intended only for the use of the addressee named above >and may be confidential or legally privileged. If you are not the >addressee you must not read it and must not use any information >contained in nor copy it nor inform any person other than Halliwells >LLP or the addressee of its existence or contents. If you have >received this email in error please delete it and notify Halliwells LLP IT Department on 0870 365 2500. > >For more information about Halliwells LLP visit www.halliwells.co ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Want to reach the ColdFusion community with something they want? Let them know on the House of Fusion mailing lists Archive: http://www.houseoffusion.com/groups/cf-linux/message.cfm/messageid:4520 Subscription: http://www.houseoffusion.com/groups/cf-linux/subscribe.cfm Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=89.70.14
