Skip to Content

Removing the pass-phrase at Apache startup time

Because the RSA private key inside the server.key file is stored in encrypted format for security reasons, the pass-phrase is required to read and parse this file. When you are sure that your server is secure enough, perform the following procedure.

To remove the pass-phrase at Apache startup time

  1. Remove the encryption from the RSA private key while preserving the original file:

    $ cp server.key server.key.org
    $ \pw\ApacheGroup\Apache\bin\openssl rsa -in server.key.org -out server.key 

  2. Ensure that server.keyis now readable only by root:

    $ chmod 400 server.key

    The server.key file contains an unencrypted copy of the key. When the Apache server starts, it does not prompt you for a pass-phrase. If anyone gains access to this key, they are able to impersonate you on the Internet. Ensure that permissions on that file only allow root or the Web server user to read it. For example, configure your Web server to start as root but run as another server, and configure the key to be readable only by root.

 

 

 

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC ProactiveNet 9.6