Re: SSLPassPhraseDialog & several certificates
On 1/30/06, Cliff Woolley <[EMAIL PROTECTED]> wrote: On 1/30/06, Konstantin N. Bezruchenko <[EMAIL PROTECTED]> wrote:> Because we already have password-protected certificates, and as i know> we cant remove password protection from existing certificate. That's not correct. Your certificate is not password protected...your private key is. And you can definitely remove the password fromthe private key.From the OpenSSL documentation:To remove the pass phrase on an RSA private key: openssl rsa -in key.pem -out keyout.pemTo remove the pass phrase on a DSA private key:openssl dsa -in key.pem -out keyout.pem Thanks for the correction. Guess I was close but no cigar... -- "But we also know the dangers of a religion that severs its links with reason and becomes prey to fundamentalism" -- Cardinal Paul Poupard"It morphs into the Republican party!" -- BJ
R: SSLPassPhraseDialog & several certificates
You can remove the password with the command openssl rsa -in name_of_the_file_with_the_password-protected_private_key -out name_of_the_file_without_password In the output file there is just the private key, so if in the original file contains also the certificate, you have to concatenate the decrypted private key with the certificate. Claudio Campetto > -Messaggio originale- > Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] > Per conto di Konstantin N. Bezruchenko > Inviato: lunedì 30 gennaio 2006 13.39 > A: modssl-users@modssl.org > Oggetto: Re: SSLPassPhraseDialog & several certificates > > Greetings, > > BJ Swope wrote: > > >> So how can i use SSLPassPhraseDialog for 2 certificates what > require > >> passwords? > > > > Why not save the certificates without passphrases? > > Because we already have password-protected certificates, and as i know > we cant remove password protection from existing certificate. > > -- > Konstantin N. Bezruchenko | BK5536-RIPE > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager[EMAIL PROTECTED] __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: SSLPassPhraseDialog & several certificates
On 1/30/06, Konstantin N. Bezruchenko <[EMAIL PROTECTED]> wrote: > Because we already have password-protected certificates, and as i know > we cant remove password protection from existing certificate. That's not correct. Your certificate is not password protected... your private key is. And you can definitely remove the password from the private key. >From the OpenSSL documentation: To remove the pass phrase on an RSA private key: openssl rsa -in key.pem -out keyout.pem To remove the pass phrase on a DSA private key: openssl dsa -in key.pem -out keyout.pem Hope this helps. --Cliff __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: SSLPassPhraseDialog & several certificates
To remove the passphrase (on the key, not the certificate): cp a.key temp openssl rsa -in temp -out a.key On Mon, 30 Jan 2006, Konstantin N. Bezruchenko wrote: > Greetings, > > BJ Swope wrote: > > >> So how can i use SSLPassPhraseDialog for 2 certificates what require > >> passwords? > > > > Why not save the certificates without passphrases? > > Because we already have password-protected certificates, and as i know > we cant remove password protection from existing certificate. > > -- > Konstantin N. Bezruchenko | BK5536-RIPE > __ > Apache Interface to OpenSSL (mod_ssl) www.modssl.org > User Support Mailing List modssl-users@modssl.org > Automated List Manager[EMAIL PROTECTED] > __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: SSLPassPhraseDialog & several certificates
Greetings, BJ Swope wrote: So how can i use SSLPassPhraseDialog for 2 certificates what require passwords? Why not save the certificates without passphrases? Because we already have password-protected certificates, and as i know we cant remove password protection from existing certificate. -- Konstantin N. Bezruchenko | BK5536-RIPE __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]
Re: SSLPassPhraseDialog & several certificates
On 1/28/06, Konstantin N. Bezruchenko <[EMAIL PROTECTED]> wrote: Greetings,I need setup new virtualhost with ssl certificate, and i dont want enterpasswords every time when apache restarts. When i have only onecertificate i use:SSLPassPhraseDialog exec:/path/to/apache/bin/startssl.pl I try set two SSLPassPhraseDialog with two different exec scripts, butapache could not start. When i enter password manually - everything is ok.So how can i use SSLPassPhraseDialog for 2 certificates what require passwords? Why not save the certificates without passphrases? -- "But we also know the dangers of a religion that severs its links with reason and becomes prey to fundamentalism" -- Cardinal Paul Poupard"It morphs into the Republican party!" -- BJ
SSLPassPhraseDialog & several certificates
Greetings, I need setup new virtualhost with ssl certificate, and i dont want enter passwords every time when apache restarts. When i have only one certificate i use: SSLPassPhraseDialog exec:/path/to/apache/bin/startssl.pl I try set two SSLPassPhraseDialog with two different exec scripts, but apache could not start. When i enter password manually - everything is ok. So how can i use SSLPassPhraseDialog for 2 certificates what require passwords? I use latest apache 1.3 with latest mod_ssl Thanks. -- Konstantin N. Bezruchenko | BK5536-RIPE __ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List modssl-users@modssl.org Automated List Manager[EMAIL PROTECTED]