Aaron Dalton wrote:

AFAIK there is no way around this. If you do not want Apache to wait for a pass phrase, you have to strip the private key of encryption. This of course has multiple security problems, but I'm afraid those are your only options that I am aware of.

$ openssl rsa -in encryptedkey.pem -out strippedkey.pem

Of course providing a passphrase response program introduces just as many
(if not more) security problems.  Your best bet is to make certain that
strippedkey.pem is previously touch'ed, chmod'ded 600 and owned by root
before you invoke the command, above.

Provided you start Apache as root and have it setuid to another
User/Group, this is the safest course.  The certs/keys will be slurped up
during the config phase, and while the server is running no CGI would have
access to its contents.

Bill
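
Added example, not part of the original messages: one way to script the advice above, creating the output file with mode 600 before openssl writes the stripped key and then auditing its mode and owner. The function names are hypothetical; encryptedkey.pem and strippedkey.pem are the names used in the thread.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not from the thread.

# prepare_key_file PATH
# Create PATH empty with mode 600 before any key material is written to it.
prepare_key_file() {
    (
        umask 077              # a newly created file is never group/world accessible
        : > "$1" || exit 1     # like touch, but also truncates old contents
        chmod 600 "$1"         # tighten the mode if the file already existed
    )
}

# strip_key ENCRYPTED_IN STRIPPED_OUT
# Runs the command from the thread, but only after the output file is locked down.
strip_key() {
    prepare_key_file "$2" && openssl rsa -in "$1" -out "$2"
}

# key_file_mode_owner PATH -> prints "MODE UID" (GNU stat first, then BSD stat)
key_file_mode_owner() {
    stat -c '%a %u' "$1" 2>/dev/null || stat -f '%Lp %u' "$1" 2>/dev/null
}

# audit_key_file PATH [EXPECTED_UID]
# Returns 0 only if PATH is a regular file (not a symlink), has mode 600
# and is owned by EXPECTED_UID (default 0, i.e. root).
audit_key_file() {
    path=$1
    want_uid=${2:-0}
    if [ -L "$path" ] || [ ! -f "$path" ]; then
        echo "FAIL $path: not a regular file" >&2
        return 1
    fi
    info=$(key_file_mode_owner "$path") || return 1
    mode=${info% *}
    uid=${info#* }
    if [ "$mode" != "600" ]; then
        echo "FAIL $path: mode $mode, expected 600" >&2
        return 1
    fi
    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $path: owner uid $uid, expected $want_uid" >&2
        return 1
    fi
    return 0
}
```

Run as root: strip_key encryptedkey.pem strippedkey.pem, then audit_key_file strippedkey.pem before starting the server.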

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.