SSLPassPhraseDialog & several certificates

Greetings,

I need setup new virtualhost with ssl certificate, and i dont want enter
passwords every time when apache restarts. When i have only one
certificate i use:

SSLPassPhraseDialog exec:/path/to/apache/bin/startssl.pl

I try set two SSLPassPhraseDialog with two different exec scripts, but
apache could not start. When i enter password manually - everything is ok.

So how can i use SSLPassPhraseDialog for 2 certificates what require
passwords?

I use latest apache 1.3 with latest mod_ssl

Thanks.

--
Konstantin N. Bezruchenko | BK5536-RIPE
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSLPassPhraseDialog & several certificates

------=_Part_16392_16194582.1138623354886
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 1/28/06, Konstantin N. Bezruchenko wrote:
>
> Greetings,
>
> I need setup new virtualhost with ssl certificate, and i dont want enter
> passwords every time when apache restarts. When i have only one
> certificate i use:
>
> SSLPassPhraseDialog exec:/path/to/apache/bin/startssl.pl
>
> I try set two SSLPassPhraseDialog with two different exec scripts, but
> apache could not start. When i enter password manually - everything is ok=
..
>
> So how can i use SSLPassPhraseDialog for 2 certificates what require
> passwords?


Why not save the certificates without passphrases?



--
"But we also know the dangers of a religion that severs its links with
reason and becomes prey to fundamentalism" -- Cardinal Paul Poupard
"It morphs into the Republican party!" -- BJ

------=_Part_16392_16194582.1138623354886
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

Re: SSLPassPhraseDialog & several certificates

Greetings,

BJ Swope wrote:

>> So how can i use SSLPassPhraseDialog for 2 certificates what require
>> passwords?
>
> Why not save the certificates without passphrases?

Because we already have password-protected certificates, and as i know
we cant remove password protection from existing certificate.

--
Konstantin N. Bezruchenko | BK5536-RIPE
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSLPassPhraseDialog & several certificates

To remove the passphrase (on the key, not the certificate):

cp a.key temp
openssl rsa -in temp -out a.key




On Mon, 30 Jan 2006, Konstantin N. Bezruchenko wrote:

> Greetings,
>
> BJ Swope wrote:
>
> >> So how can i use SSLPassPhraseDialog for 2 certificates what require
> >> passwords?
> >
> > Why not save the certificates without passphrases?
>
> Because we already have password-protected certificates, and as i know
> we cant remove password protection from existing certificate.
>
> --
> Konstantin N. Bezruchenko | BK5536-RIPE
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users@modssl.org
> Automated List Manager majordomo@modssl.org
>
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSLPassPhraseDialog & several certificates

On 1/30/06, Konstantin N. Bezruchenko wrote:
> Because we already have password-protected certificates, and as i know
> we cant remove password protection from existing certificate.

That's not correct. Your certificate is not password protected...
your private key is. And you can definitely remove the password from
the private key.

From the OpenSSL documentation:

To remove the pass phrase on an RSA private key:
openssl rsa -in key.pem -out keyout.pem

To remove the pass phrase on a DSA private key:
openssl dsa -in key.pem -out keyout.pem

Hope this helps.

--Cliff
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: SSLPassPhraseDialog & several certificates

------=_Part_18799_14095359.1138715738996
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 1/30/06, Cliff Woolley wrote:
>
> On 1/30/06, Konstantin N. Bezruchenko wrote:
> > Because we already have password-protected certificates, and as i know
> > we cant remove password protection from existing certificate.
>
> That's not correct. Your certificate is not password protected...
> your private key is. And you can definitely remove the password from
> the private key.
>
> From the OpenSSL documentation:
>
> To remove the pass phrase on an RSA private key:
> openssl rsa -in key.pem -out keyout.pem
>
> To remove the pass phrase on a DSA private key:
> openssl dsa -in key.pem -out keyout.pem


Thanks for the correction. Guess I was close but no cigar...



--
"But we also know the dangers of a religion that severs its links with
reason and becomes prey to fundamentalism" -- Cardinal Paul Poupard
"It morphs into the Republican party!" -- BJ

------=_Part_18799_14095359.1138715738996
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline