Greetings,

I need setup new virtualhost with ssl certificate, and i dont want enter
passwords every time when apache restarts. When i have only one
certificate i use:

SSLPassPhraseDialog exec:/path/to/apache/bin/startssl.pl

I try set two SSLPassPhraseDialog with two different exec scripts, but
apache could not start. When i enter password manually - everything is ok.

So how can i use SSLPassPhraseDialog for 2 certificates what require
passwords?

I use latest apache 1.3 with latest mod_ssl

Thanks.

--
Konstantin N. Bezruchenko | BK5536-RIPE
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org

------=_Part_16392_16194582.1138623354886
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 1/28/06, Konstantin N. Bezruchenko <bk [at] syshalt.com> wrote:
>
> Greetings,
>
> I need setup new virtualhost with ssl certificate, and i dont want enter
> passwords every time when apache restarts. When i have only one
> certificate i use:
>
> SSLPassPhraseDialog exec:/path/to/apache/bin/startssl.pl
>
> I try set two SSLPassPhraseDialog with two different exec scripts, but
> apache could not start. When i enter password manually - everything is ok=
..
>
> So how can i use SSLPassPhraseDialog for 2 certificates what require
> passwords?


Why not save the certificates without passphrases?



--
"But we also know the dangers of a religion that severs its links with
reason and becomes prey to fundamentalism" -- Cardinal Paul Poupard
"It morphs into the Republican party!" -- BJ

------=_Part_16392_16194582.1138623354886
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

<br><br><div><span class=3D"gmail_quote">On 1/28/06, <b class=3D"gmail_send=
ername">Konstantin N. Bezruchenko</b> <<a href=3D"mailto:bk [at] syshalt.com"=
>bk [at] syshalt.com</a>> wrote:</span><blockquote class=3D"gmail_quote" styl=
e=3D"border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; =
padding-left: 1ex;">
Greetings,<br><br>I need setup new virtualhost with ssl certificate, and i =
dont want enter<br>passwords every time when apache restarts. When i have o=
nly one<br>certificate i use:<br><br>SSLPassPhraseDialog exec:/path/to/apac=
he/bin/startssl.pl
<br><br>I try set two SSLPassPhraseDialog with two different exec scripts, =
but<br>apache could not start. When i enter password manually - everything =
is ok.<br><br>So how can i use SSLPassPhraseDialog for 2 certificates what =
require
<br>passwords?</blockquote><div><br>
Why not save the certificates without passphrases? <br>
</div><br></div><br clear=3D"all"><br>-- <br>"But we also know the
dangers of a religion that severs its links with reason and becomes
prey to fundamentalism" --  Cardinal Paul Poupard<br>"I=
t morphs into the Republican party!"  -- BJ

------=_Part_16392_16194582.1138623354886--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org

Greetings,

BJ Swope wrote:

>> So how can i use SSLPassPhraseDialog for 2 certificates what require
>> passwords?
>
> Why not save the certificates without passphrases?

Because we already have password-protected certificates, and as i know
we cant remove password protection from existing certificate.

--
Konstantin N. Bezruchenko | BK5536-RIPE
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org

To remove the passphrase (on the key, not the certificate):

cp a.key temp
openssl rsa -in temp -out a.key




On Mon, 30 Jan 2006, Konstantin N. Bezruchenko wrote:

> Greetings,
>
> BJ Swope wrote:
>
> >> So how can i use SSLPassPhraseDialog for 2 certificates what require
> >> passwords?
> >
> > Why not save the certificates without passphrases?
>
> Because we already have password-protected certificates, and as i know
> we cant remove password protection from existing certificate.
>
> --
> Konstantin N. Bezruchenko | BK5536-RIPE
> ____________________________________________________________ __________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List modssl-users [at] modssl.org
> Automated List Manager majordomo [at] modssl.org
>
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org

On 1/30/06, Konstantin N. Bezruchenko <bk [at] syshalt.com> wrote:
> Because we already have password-protected certificates, and as i know
> we cant remove password protection from existing certificate.

That's not correct. Your certificate is not password protected...
your private key is. And you can definitely remove the password from
the private key.

From the OpenSSL documentation:

To remove the pass phrase on an RSA private key:
openssl rsa -in key.pem -out keyout.pem

To remove the pass phrase on a DSA private key:
openssl dsa -in key.pem -out keyout.pem

Hope this helps.

--Cliff
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org

------=_Part_18799_14095359.1138715738996
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

On 1/30/06, Cliff Woolley <jwoolley [at] apache.org> wrote:
>
> On 1/30/06, Konstantin N. Bezruchenko <bk [at] syshalt.com> wrote:
> > Because we already have password-protected certificates, and as i know
> > we cant remove password protection from existing certificate.
>
> That's not correct. Your certificate is not password protected...
> your private key is. And you can definitely remove the password from
> the private key.
>
> From the OpenSSL documentation:
>
> To remove the pass phrase on an RSA private key:
> openssl rsa -in key.pem -out keyout.pem
>
> To remove the pass phrase on a DSA private key:
> openssl dsa -in key.pem -out keyout.pem


Thanks for the correction. Guess I was close but no cigar...



--
"But we also know the dangers of a religion that severs its links with
reason and becomes prey to fundamentalism" -- Cardinal Paul Poupard
"It morphs into the Republican party!" -- BJ

------=_Part_18799_14095359.1138715738996
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline

<br><br><div><span class=3D"gmail_quote">On 1/30/06, <b class=3D"gmail_send=
ername">Cliff Woolley</b> <<a href=3D"mailto:jwoolley [at] apache.org">jwooll=
ey [at] apache.org</a>> wrote:</span><blockquote class=3D"gmail_quote" style=
=3D"border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; p=
adding-left: 1ex;">
On 1/30/06, Konstantin N. Bezruchenko <<a href=3D"mailto:bk [at] syshalt.com"=
>bk [at] syshalt.com</a>> wrote:<br>> Because we already have password-pro=
tected certificates, and as i know<br>> we cant remove password protecti=
on from existing certificate.
<br><br>That's not correct.  Your certificate is not password pro=
tected...<br>your private key is.  And you can definitely remove =
the password from<br>the private key.<br><br>From the OpenSSL documentation=
:<br><br>To remove the pass phrase on an RSA private key:
<br>    openssl rsa -in key.pem -out keyout.pem<br><br>=
To remove the pass phrase on a DSA private key:<br>    =
openssl dsa -in key.pem -out keyout.pem</blockquote><div><br>
Thanks for the correction.  Guess I was close but no cigar... <br>
</div><br></div><br clear=3D"all"><br>-- <br>"But we also know the
dangers of a religion that severs its links with reason and becomes
prey to fundamentalism" --  Cardinal Paul Poupard<br>"I=
t morphs into the Republican party!"  -- BJ

------=_Part_18799_14095359.1138715738996--
____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users [at] modssl.org
Automated List Manager majordomo [at] modssl.org