I just added an SSL certificate to Apache. The problem is that Apache runs on system startup and after my server turns on, Apache runs but doesn't run. I put in the IP address of my computer and my browser just keeps trying to connect. I see a spinning circle.
Then I get on my server, kill all Apache-related processes, and run sudo service apache2 restart
. Because of the sudo
I am prompted for my super-user password, but after I put it in, Apache asks for the password for the .key file. I put it in and then Apache works fine. The SSL even works.
So why does Apache not work until I restart it? Is it because it wants me to put in the password every startup? If so, how do I do that on my Xubuntu server? Can I make it so I won't have to put it in every time?
It appears that the private key for your SSL certificate is password-protected. To test whether this is really the case, examine the beginning of your keyfile using the command head -3 your.key
. This private key is encrypted:
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,C251E8A1254B933D763703EE1C364AB7
This file is not encrypted:
-----BEGIN RSA PRIVATE KEY-----
MIIEowIBAAKCAQEAvbeWtO9nQP4cFFuhGrOM/WQ73oTQHU7mzZB9CaA3R2iwjDNz
wwlDtT9tfo0tCC2ib9STfeM6AYrdI3wauzCu7AV4CFGSMP3HLX8DJuk8zzbdQHHv
To remove the password from a RSA private key, use the following command:
umask 077
mv your.key old-with-pass.key
openssl rsa -in old-with-pass.key -out your.key
The umask 077
command is necessary to ensure that the new key is not created with overly relaxed permissions. Alternatively, you can manually change the mode of the file with chmod 400 new.key
. Depending on the location of the key, you might have to prefix the openssl
, mv
and chmod
commands with sudo
.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments