stop apache from asking for SSL password each restart [duplicate]
You want to remove the passphrase from a key file. Run this:
openssl rsa -in key.pem -out newkey.pem
Be aware that this means that anyone with physical access to the server can copy (and thereby abuse) the key.
I've been guilty of removing the passphrase from my own key files in the past, because it's the simplest solution, but security-wise, it's not the best idea. An alternative is to feed the passphrase to Apache. You can do this with the SSLPassPhraseDialog
option in your httpd.conf
(or another file that it includes).
If you only have one SSL site on your server, the simplest form of this would be:
# either of these will work
SSLPassPhraseDialog |/path/to/passphrase-script
SSLPassPhraseDialog exec:/path/to/passphrase-script
You would then create a very simple script called /path/to/passphrase-script
that contains something like the following:
#!/bin/sh
echo "put the passphrase here"
When starting up, Apache will take the output of this script and use it as the passphrase for your SSL key. If you have multiple SSL sites, SSLPassPhraseDialog
has additional ways in which it can be used, so you can either have a single script for all of your keys, or a separate script for each, or however you want to do it.