View Single Post
  #2  
Old 21st August 2006, 18:44
jarkand jarkand is offline
Junior Member
 
Join Date: Aug 2006
Location: Germany (the very south)
Posts: 2
Thanks: 0
Thanked 0 Times in 0 Posts
Send a message via AIM to jarkand
Default

OK, I found one solution but I'm not very happy with it because it reduces the cert security level.

To get rid of the pass phrase request, simply create a new key without the -des3 (or what ever you've chosen) option.

Here's a very short (I'm sure you'll find these information 1 billion times on the net much better described than here) how to Apache-SSL / Apache ModSSL key and CSR Generation without pass phrase instructions:

1. Generate the private key
Code:
openssl genrsa –out yourdomain.com.key 1024
Quote:
insted of: openssl genrsa –des3 yourdomain.com.key 1024
2. Generate the CSR
Code:
openssl req –new –key yourdomain.com.key –out yourdomain.com.csr
3. Request the CRT from a CA Unit or create your own one.

4. Edit Apache's conf and restart.

Apache will never again ask you to enter the pass for your privat key and you don't have to worry about cron jobs that require to restart Apache.

Quote:
WARNING: Use this way only if you absolutely trust the server, and you make sure the permissions are carefully set!
Ohh, btw, any commends STILL appreciated...
Mik
Reply With Quote