Hello Mat, I my previous step-by-step procedure I forgot to include a small part that I found out later; it should be appended... At 2000-04-04 17:58, I wrote:
Hello Mat, ... I posted this step-by-step procedure a while ago:
---cut--- o Configuring SSL - properly and create your own Certificate Authority (CA) ... You might want to keep the ca and server keys and certs on a floppy and store them in a secure place. ---cut---
Please append this, if you don't want to type in the server key passphrase
with every reboot (there is a security issue):
---append---
You might want to keep the ca and server keys and certs on a floppy
and store them in a secure place.
During a machine reboot, you will be asked for the server key pass-phrase.
There is a short time-out, and usually the server therefore won't start.
The solution is to remove the encryption from the server key. See question
"How can I get rid of the pass-phrase dialog at Apache startup time?" in
the mod_ssl faq for more on the security aspects. Here's what you do:
# cd /etc/httpd/ssl.key
# cp -p server.key server.key.orig
# openssl rsa -in server.key.orig -out server.key
# chmod 0400 server.key server.key.orig
# chown root server.key server.key.orig
---append---
Good luck,
Eric
--
Eric Maryniak