Web Hosting Talk







After SSL install apache won't restart automatically


JeremyL
10-29-2001, 01:22 PM
I just installed a cert on a domain and now WHM won't restart Apache due to the fact that whenever it restarts it wants a pass phrase. I literally have to do it via command line. It's not too big a deal, but that means when it fails it won't automatically restart.

This is what the command line is asking for at start:
==============
Apache/1.3.20 mod_ssl/2.8.4 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server www.rockhosting.com:443 (RSA)
Enter pass phrase:

==========================

How do I get it to bypass that so WHM can do the restarts?

Thanks

DavidU
10-29-2001, 02:05 PM
Howdy,

1) find your Server Key (often called www.domain.com.key)
2) make a backup
$ cp server.key server.key.org
Then you want to take the original key and decrypt it into a plaintext key. So in goes the original (backed up) key and out comes the new plaintext key (which overwrites server.key). If something goes wrong you still have server.key.org. ;-)

$ openssl rsa -in server.key.org -out server.key

Since your server.key is now in plaintext you want to make sure only root can read it. (apache can run as nobody, but it always starts up as root)

$ chmod 400 server.key

-davidu
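
An added example, not part of DavidU's post: a check to run after the steps above, confirming that `server.key` no longer triggers the pass phrase dialog and that the now-plaintext key is readable by its owner only. The file names come from the post; the function names (`key_state`, `owner_only`, `audit_key`, `make_samples`) and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): check a key file after the
# "openssl rsa -in server.key.org -out server.key" and "chmod 400" steps.

# Classify a PEM private key by its headers: encrypted, plaintext or unknown.
key_state() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted      # mod_ssl will show the Pass Phrase Dialog
    elif grep -q -e '^-----BEGIN RSA PRIVATE KEY-----' \
                 -e '^-----BEGIN PRIVATE KEY-----' "$1"; then
        echo plaintext      # starts unattended; file mode is the only guard
    else
        echo unknown
    fi
}

# True only when group and other have no permission bits (400, 600, ...).
owner_only() {
    case "$(ls -ld -- "$1" | cut -c1-10)" in
        ????------) return 0 ;;
        *)          return 1 ;;
    esac
}

# One verdict per file: a plaintext key must be owner-only.
audit_key() {
    state=$(key_state "$1")
    if [ "$state" = plaintext ] && ! owner_only "$1"; then
        echo "FAIL $1: plaintext key readable beyond its owner"
        return 1
    fi
    echo "OK $1: $state"
}

# Constructed sample files: real PEM headers, placeholder bodies (not real keys).
make_samples() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/server.key.org"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'PLACEHOLDER' \
        '-----END RSA PRIVATE KEY-----' > "$1/server.key"
    chmod 644 "$1/server.key"       # the state before "chmod 400"
}
```

Calling `audit_key` on the real key path after the `chmod 400` step should print an `OK ...: plaintext` line; the encrypted backup `server.key.org` reports `encrypted`.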

MaB
10-29-2001, 08:24 PM
This happened to us too!

Our solution was to re-create the certificate but use these commands:

openssl genrsa -des3 -rand /dev/randon -out key 1024
openssl req -new -key key -out csr
openssl x509 -req -days 30 -in csr -signkey key -out certificate
rm -r -f *.csr

(yes that says /dev/randon)

Let me know if that works :)

DavidU
10-29-2001, 09:26 PM
Originally posted by MaB
This happened to us too!

Our solution was to re-create the certificate but use these commands:

openssl genrsa -des3 -rand /dev/randon -out key 1024
openssl req -new -key key -out csr
openssl x509 -req -days 30 -in csr -signkey key -out certificate
rm -r -f *.csr

(yes that says /dev/randon)

Let me know if that works :)

That's for a self-signed cert. Also /dev/randon isn't very secure and some people won't have it. More people have /dev/urandom.

Also, being a self-signing CA isn't what most people want; they use a key from VeriSign or Thawte or whatever.

-davidu

MaB
10-29-2001, 09:30 PM
Good call :)