Question

8

How to make Apache 2 stop asking for a password for an SSL certificate?

rated 0 times [ 8] [ 0] / answers: 1 / hits: 40943 / 1 Year ago, sat, november 26, 2022, 7:08:07

I just added an SSL certificate to Apache. The problem is that Apache runs on system startup and after my server turns on, Apache runs but doesn't run. I put in the IP address of my computer and my browser just keeps trying to connect. I see a spinning circle.

Then I get on my server, kill all Apache-related processes, and run sudo service apache2 restart. Because of the sudo I am prompted for my super-user password, but after I put it in, Apache asks for the password for the .key file. I put it in and then Apache works fine. The SSL even works.

So why does Apache not work until I restart it? Is it because it wants me to put in the password every startup? If so, how do I do that on my Xubuntu server? Can I make it so I won't have to put it in every time?

Answers

Only authorized users can answer the question. Please sign in first, or register a free account.

intssive

Add To Favorites

Follow

Total Points: 493

Total Questions: 119

Total Answers: 101

Location: Liberia

Member since Mon, Feb 1, 2021

3 Years ago

intssive questions

1 Pop-up window goes blank when adding Google account in GNOME Control Center

Sat, Apr 29, 23, 16:30, 1 Year ago

1 Monitor issues after kernel update 5.13.0-28

Tue, Mar 21, 23, 08:19, 1 Year ago

1 How to revert Firefox 89 to the old design

Wed, Aug 31, 22, 04:04, 2 Years ago

1 apt-broke after trying to install cuda

Sat, Sep 25, 21, 15:09, 3 Years ago

1 Swapping one character in filename with another

Fri, Dec 31, 21, 09:13, 2 Years ago

View All

answered 1 Year ago calcur · Accepted Answer

It appears that the private key for your SSL certificate is password-protected. To test whether this is really the case, examine the beginning of your keyfile using the command head -3 your.key. This private key is encrypted:

-----BEGIN RSA PRIVATE KEY-----

Proc-Type: 4,ENCRYPTED

DEK-Info: AES-128-CBC,C251E8A1254B933D763703EE1C364AB7

This file is not encrypted:

-----BEGIN RSA PRIVATE KEY-----

MIIEowIBAAKCAQEAvbeWtO9nQP4cFFuhGrOM/WQ73oTQHU7mzZB9CaA3R2iwjDNz

wwlDtT9tfo0tCC2ib9STfeM6AYrdI3wauzCu7AV4CFGSMP3HLX8DJuk8zzbdQHHv

To remove the password from a RSA private key, use the following command:

umask 077

mv your.key old-with-pass.key

openssl rsa -in old-with-pass.key -out your.key

The umask 077 command is necessary to ensure that the new key is not created with overly relaxed permissions. Alternatively, you can manually change the mode of the file with chmod 400 new.key. Depending on the location of the key, you might have to prefix the openssl, mv and chmod commands with sudo.