I'd suggest using expect(1) , and write a script, such as the following --cut here-- #!/usr/local/bin/expect -- exp_version -exit 5.0 # Here is your password set pword "53cr37" #spawn /usr/bin/kill -TERM `/usr/bin/cat /path/to/logs/httpd.pid` spawn /path/to/bin/apachectl stop sleep 3 spawn /path/to/bin/apachectl startssl sleep 6 expect "phrase" send "$pword\r" --end cut-- Enjoy --Ron ----- Original Message ----- From: Daniel Mettler <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Sunday, May 07, 2000 4:17 PM Subject: encrypted keys: how to submit the passphrase to a script? > hi all, > > i already wrote to this mailinglist a few weeks ago without > getting any answer so far :-( > > my preconditions: > ***************** > > - i use passphrase encrypted keys > > - all settings in httpd.conf related to mod_ssl are correct > > - among these settings i use: > > > SSLPassPhraseDialog builtin > > - httpd gets started through a bash-script (suse's > /sbin/init.d/apache) > > - this script basically does the following: > > > startproc -t 7 /usr/sbin/httpd -f /etc/httpd/httpd.conf $MODULES || return=$rc_failed > > where $MODULES is a list of dynamically evaluated "-D" options > for apache (they are okay) > > my problem: > *********** > > - i get prompted to enter the passphrase when i execute apache > directly like > > > /usr/sbin/httpd -f /etc/httpd/httpd.conf -D SSL -D PERL (etc.) > > like this i enter the passphrase at the prompt and everything > works fine (apache starts) > > - but when i use the script as mentionend above i do *not* get > prompted to enter the passphrase, instead apache prints an > error-message (private key not found etc. -> due to the missing > passphrase, as expected) > > my desired postconditions: > ************************** > > - i do not want to use the SSLPassPhraseDialog exec:/blabla > option as this is not safer than having not encrypted keys > > - i do not like to start httpd directly as i like the script > which dynamically sets the correct "-D" options for apache > (depending on which modules are installed) > > - i would like to modify this script (~ the command-line above) > the way that i can give my passphrase as the second command-line > parameter ($2). i already tried to do some piping like > > > yes mypassphrase | startproc -t 7 /usr/sbin/httpd -f /etc/httpd/httpd.conf $MODULES || return=$rc_failed > > and > > > startproc -t 7 /usr/sbin/httpd -f /etc/httpd/httpd.conf $MODULES < `echo mypassphrase` || return=$rc_failed > > but anything worked. i also replaced 'mypassphrase' with $2, it > did not work either. > > i do not know whether this problem is just a problem of > bash-scripting or whether apache somehow does not accept these > pipes. i would be happy too if there just was a command-line > option for httpd to set the passphrase > > i really hope that you can help me > > thanks > > daniel > > -- > Daniel Mettler http://www.icu.unizh.ch/~mettlerd > > make config. not war. > > > ______________________________________________________________________ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List [EMAIL PROTECTED] > Automated List Manager [EMAIL PROTECTED] ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
