Re: [SLE] Apache start very slooow...
On Wed, Feb 15, 2006 at 04:56:34PM +0100, poeml@cmdline.net wrote:
> It needs to be improved inside apache. Or an external program could be used to query for the passphrase -- and it could run on another virtual console (like vt8), but asynchronously.
> Unfortunately, the apache itself will wait forever for a passphrase, it doesn't have a timeout yet, so this is not very suitable for booting.
It would be OK to wait forever if it would not block the boot process. Thus, as you mentioned above, running it asynchronously on another console would be perfectly OK (IMHO). But I still don't understand why apache doesn't start serving until the timeout is expired.
> it is also possible that multiple certificates are configured, and multiple passphrases need to be entered for decryption.
When running async on a different console, this would be OK, too.
> BTW, my personal workaround (so far) is to either put the passphrase(s) onto disk,
Then you don't need a passphrase at all :-(
> I will put this as enhancement request into bugzilla, so it doesn't get lost.
Thanks!
On Wed, Feb 15, 2006 at 06:02:15PM +0100, Josef Wolf wrote:
> On Wed, Feb 15, 2006 at 04:56:34PM +0100, poeml@cmdline.net wrote:
>> It needs to be improved inside apache. Or an external program could be used to query for the passphrase -- and it could run on another virtual console (like vt8), but asynchronously.
>> Unfortunately, the apache itself will wait forever for a passphrase, it doesn't have a timeout yet, so this is not very suitable for booting.
> It would be OK to wait forever if it would not block the boot process. Thus, as you mentioned above, running it asynchronously on another console would be perfectly OK (IMHO).
> But I still don't understand why apache doesn't start serving until the timeout is expired.
>> it is also possible that multiple certificates are configured, and multiple passphrases need to be entered for decryption.
> When running async on a different console, this would be OK, too.
>> BTW, my personal workaround (so far) is to either put the passphrase(s) onto disk,
> Then you don't need a passphrase at all :-(
>> I will put this as enhancement request into bugzilla, so it doesn't get lost.
> Thanks!
It is now tracked here: https://bugzilla.novell.com/show_bug.cgi?id=151200
Thanks again,
Peter
--
When in danger, or in doubt, run in circles, scream and shout. -- Robert A. Heinlein
On Mon, 20 Feb 2006 13:46:20 +0100, you wrote:
> On Wed, Feb 15, 2006 at 06:02:15PM +0100, Josef Wolf wrote:
>> On Wed, Feb 15, 2006 at 04:56:34PM +0100, poeml@cmdline.net wrote:
>>> It needs to be improved inside apache. Or an external program could be used to query for the passphrase -- and it could run on another virtual console (like vt8), but asynchronously.
>>> Unfortunately, the apache itself will wait forever for a passphrase, it doesn't have a timeout yet, so this is not very suitable for booting.
>> It would be OK to wait forever if it would not block the boot process. Thus, as you mentioned above, running it asynchronously on another console would be perfectly OK (IMHO).
>> But I still don't understand why apache doesn't start serving until the timeout is expired.
>>> it is also possible that multiple certificates are configured, and multiple passphrases need to be entered for decryption.
>> When running async on a different console, this would be OK, too.
>>> BTW, my personal workaround (so far) is to either put the passphrase(s) onto disk,
>> Then you don't need a passphrase at all :-(
>>> I will put this as enhancement request into bugzilla, so it doesn't get
Google is your friend - http://www.modssl.org/docs/2.8/ssl_faq.html#ToC25 "How can I get rid of the pass-phrase dialog at Apache startup time?"
Mike-
--
If you're not confused, you're not trying hard enough.
--
Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments,
On Mon, Feb 20, 2006 at 08:34:34AM -0500, Michael W Cocke wrote:
> Google is your friend -
> http://www.modssl.org/docs/2.8/ssl_faq.html#ToC25 "How can I get rid of the pass-phrase dialog at Apache startup time?"
Thanks for the hint, Michael! I've already read this. But I don't like the idea to have the private key lying around unprotected.
On Tue, 21 Feb 2006 07:40:24 +0100, you wrote:
> On Mon, Feb 20, 2006 at 08:34:34AM -0500, Michael W Cocke wrote:
>> Google is your friend -
>> http://www.modssl.org/docs/2.8/ssl_faq.html#ToC25 "How can I get rid of the pass-phrase dialog at Apache startup time?"
> Thanks for the hint, Michael! I've already read this. But I don't like the idea to have the private key lying around unprotected.
If you set the file perms properly, by the time they get that file your system is owned anyway - I don't see a huge difference.
Mike-
--
If you're not confused, you're not trying hard enough.
--
Please note - Due to the intense volume of spam, we have installed site-wide spam filters at catherders.com. If email from you bounces, try non-HTML, non-encoded, non-attachments,
On Tue, Feb 21, 2006 at 08:24:05AM -0500, Michael W Cocke wrote:
> On Tue, 21 Feb 2006 07:40:24 +0100, you wrote:
>> On Mon, Feb 20, 2006 at 08:34:34AM -0500, Michael W Cocke wrote:
>>> Google is your friend -
>>> http://www.modssl.org/docs/2.8/ssl_faq.html#ToC25 "How can I get rid of the pass-phrase dialog at Apache startup time?"
>> Thanks for the hint, Michael! I've already read this. But I don't like the idea to have the private key lying around unprotected.
> If you set the file perms properly, by the time they get that file your system is owned anyway - I don't see a huge difference.
They might own the system, but they don't own the certificate.
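The trade-off argued in this thread, a passphrase-encrypted key versus a plaintext key guarded only by file permissions, can be checked per key file. The script below is an added example, not part of any poster's message: the function names (`key_protection`, `key_perms_ok`, `audit_key`, `make_sample`) are hypothetical, the sample files are constructed placeholders rather than real keys, and GNU `stat` is assumed.

```shell
# Added example, not from the thread. Assumes GNU stat (as on SUSE Linux).
# key_protection FILE -> prints encrypted | plaintext | unknown
key_protection() {
    # Traditional PEM marks encryption with a Proc-Type header; PKCS#8 uses
    # its own BEGIN line.
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' \
               -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted
    elif grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo unknown
    fi
}

# key_perms_ok FILE -> exit 0 when group and others have no access bits
key_perms_ok() {
    mode=$(stat -c '%a' "$1") || return 2
    case "$mode" in
        0|*00) return 0 ;;
        *)     return 1 ;;
    esac
}

# audit_key FILE -> one-line verdict combining both checks
audit_key() {
    prot=$(key_protection "$1")
    if key_perms_ok "$1"; then perms=owner-only; else perms=too-open; fi
    case "$prot/$perms" in
        unknown/*)            echo "SKIP: no PEM private key found" ;;
        */too-open)           echo "FAIL: $prot key readable beyond owner" ;;
        encrypted/owner-only) echo "OK: encrypted key, owner-only mode" ;;
        plaintext/owner-only) echo "WARN: plaintext key, file mode is the only barrier" ;;
    esac
}

# Constructed sample files: PEM framing around a placeholder body, not real keys.
make_sample() {  # make_sample FILE encrypted|plaintext MODE
    {
        printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----'
        if [ "$2" = encrypted ]; then printf '%s\n' 'Proc-Type: 4,ENCRYPTED'; fi
        printf '%s\n' 'CONSTRUCTED-PLACEHOLDER' '-----END RSA PRIVATE KEY-----'
    } > "$1"
    chmod "$3" "$1"
}

d=$(mktemp -d)
make_sample "$d/a.key" encrypted 600
make_sample "$d/b.key" plaintext 600
make_sample "$d/c.key" plaintext 644
for f in "$d"/*.key; do printf '%s: %s\n' "${f##*/}" "$(audit_key "$f")"; done
rm -rf "$d"
```

The WARN case is the configuration the two posters disagree about: the key loads without a prompt at boot, and anyone who can read the file can copy a usable key.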
participants (3)
- Josef Wolf
- Michael W Cocke
- poeml@cmdline.net