Skip to Content

Removing the pass-phrase window displayed during Apache startup

The RSA private key inside the server.key file is stored in encrypted format for security reasons. The pass-phrase window is displayed at startup and every restart because the pass-phrase is required to decrypt the RSA private key so that it can be read and parsed. You should be aware that removing the pass-phrase removes a layer of security from your server.

To remove the pass-phrase window displayed during Apache startup

  1. Remove the encryption from the RSA private key (while keeping a backup copy of the original file) by following the steps given below:

    $ cp server.key server.key.org
    $ openssl rsa -in server.key.org -out server.key 
  2. Ensure that the server.keyfile is readable only by root:
$ chmod 400 server.key

Now server.key contains an unencrypted copy of the key. Directing your server to the server.key file removes the prompt for the pass-phrase.

Error
Warning

If anyone obtains this key, they are able to impersonate you on the Internet. Therefore, it is very important that you ensure that the permissions on this file are such that only root or the Web server user can read it (It is recommended that you start the Web server as root but run it as another user, and have the key readable only by root).
 As an alternative approach you can use the 'SSLPassPhraseDialog exec:/path/to/program' facility. But remember that this is neither more nor less secure.

 

Tip: For faster searching, add an asterisk to the end of your partial query. Example: cert*

BMC ProactiveNet 9.6