Starting Apache With a Password Protected Certificate Key – How to Avoid Entering Password

By | May 9, 2013

Recently I’ve had a problem with a server that had an SSL certificate installed. By default, SSL configuration requires a password-protected key. If you have the same configuration and you want Apache to start on server boot, you have to enter the password every time the server boots. That is fine if you have a KVM or physical access to your server. If you have neither, you won’t be able to boot your server at all, and you will have to ask hosting support to do it for you. So, here are some basic solutions to avoid this.

1. chkconfig httpd off will disable Apache startup at boot and allow your server to boot without any prompt screens. This way you will have to start Apache manually every time you reboot your server. This method is more secure, but it requires some manual work.

2. If you are sure about server security, you can create a key without a password. First of all, locate the key file (search /etc/httpd/conf.d/ssl.conf for the SSLCertificateKeyFile line, which contains the path to the key file). If you use more than one key, repeat this for all domains. Next, do the following:

[root@hosted-by ~]# openssl rsa -in lampdocs.key -out lampdocsnokey.key

This command will ask for the key password once and will create a key that does not require a password at all. Next, update the SSLCertificateKeyFile line in ssl.conf with the new key file name. After this simple procedure you won’t be asked for a password on each Apache restart.

You can choose the second method only if you are sure about your server security. Nobody should have access to the certificate key file made without a password.
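
To check that last point after switching to the second method, here is an added example (not part of the original post) that reads the SSLCertificateKeyFile lines from ssl.conf and reports whether each key is still password protected and, if it is not, whether anyone besides the file owner can access it. The function names are hypothetical, and it assumes absolute key paths and the exact directive spelling used above.

```shell
#!/bin/sh
# Added example: audit the private keys referenced by an Apache SSL config.
# Assumptions: function names are hypothetical; key paths in the config are
# absolute; the directive is spelled exactly "SSLCertificateKeyFile".

# Print the path from each SSLCertificateKeyFile line (commented lines skipped).
list_key_files() {
    sed -n 's/^[[:space:]]*SSLCertificateKeyFile[[:space:]]\{1,\}//p' "$1" |
        sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# True if the PEM key needs a passphrase: traditional keys carry a
# "Proc-Type: 4,ENCRYPTED" header, PKCS#8 keys "BEGIN ENCRYPTED PRIVATE KEY".
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# True if group and others have no permission bits on the file.
key_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Report every key; return 1 if one is missing or is a passwordless key
# that anyone besides its owner can access.
audit_conf() {
    rc=0
    while IFS= read -r key; do
        [ -n "$key" ] || continue
        if [ ! -f "$key" ]; then
            echo "MISSING        $key"; rc=1
        elif key_is_encrypted "$key"; then
            echo "ENCRYPTED      $key"
        elif key_is_private "$key"; then
            echo "PLAIN, PRIVATE $key"
        else
            echo "PLAIN, EXPOSED $key (chmod 600 it, owner root)"; rc=1
        fi
    done <<EOF
$(list_key_files "$1")
EOF
    return "$rc"
}

# Audit the file given as $1, or the ssl.conf path from the post if present.
conf=${1:-/etc/httpd/conf.d/ssl.conf}
if [ -r "$conf" ]; then audit_conf "$conf"; fi
```

Run it as root so the key files are readable; a non-zero exit status means at least one key needs attention.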
