apache + SSL [Archive] - Web Hosting Talk

clocker1996

03-19-2002, 09:25 PM

i have one site in my httpd.conf that uses ssl, the rest are just reg websites

everytime i run apachectl startssl, it makes me enter a pw for one of the domains
# ./apachectl startssl
Apache/1.3.22 mod_ssl/2.8.5 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide us with the pass phrases.

Server oignet.net:443 (RSA)
Enter pass phrase:

Ok: Pass Phrase Dialog successful.
./apachectl startssl: httpd started

Is there a way to make it so it can automatically just start with ssl? because when the box reboots, it wont start httpd until someonee enters the pw =\

Does anyone know how to make it so it ll just start with ssl without a pw

clocker1996

03-19-2002, 09:31 PM

in httpd.conf:

<IfModule mod_ssl.c>

# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
SSLPassPhraseDialog builtin

# Inter-Process Session Cache:
# Configure the SSL Session Cache: First the mechanism
# to use and second the expiring timeout (in seconds).
#SSLSessionCache none
#SSLSessionCache shmht:/usr/local/apache/logs/ssl_scache(512000)
#SSLSessionCache shmcb:/usr/local/apache/logs/ssl_scache(512000)
SSLSessionCache dbm:/usr/local/apache/logs/ssl_scache
SSLSessionCacheTimeout 300

# Semaphore:
# Configure the path to the mutual exclusion semaphore the
# SSL engine uses internally for inter-process synchronization.
SSLMutex file:/usr/local/apache/logs/ssl_mutex

# Pseudo Random Number Generator (PRNG):
# Configure one or more sources to seed the PRNG of the
# SSL library. The seed data should be of good random quality.
# WARNING! On some platforms /dev/random blocks if not enough entropy
# is available. This means you then cannot use the /dev/random device
# because it would lead to very long connection times (as long as
# it requires to make more entropy available). But usually those
# platforms additionally provide a /dev/urandom device which doesn't
# block. So, if available, use this one instead. Read the mod_ssl User
# Manual for more details.
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
#SSLRandomSeed startup file:/dev/random 512
#SSLRandomSeed startup file:/dev/urandom 512
#SSLRandomSeed connect file:/dev/random 512
#SSLRandomSeed connect file:/dev/urandom 512

# Logging:
# The home of the dedicated SSL protocol logfile. Errors are
# additionally duplicated in the general error log file. Put
# this somewhere where it cannot be used for symlink attacks on
# a real server (i.e. somewhere where only root can write).
# Log levels are (ascending order: higher ones include lower ones):
# none, error, warn, info, trace, debug.
SSLLog /usr/local/apache/logs/ssl_engine_log
SSLLogLevel info

</IfModule>

<IfDefine SSL>

# SSL Cipher Suite:
# List the ciphers that the client is permitted to negotiate.
# See the mod_ssl documentation for a complete list.
#SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

Then near the vhost section:

# SSL site
<VirtualHost 209.114.204.156:443>
DocumentRoot /usr/vservers/oig-net/ssl/web
ServerName oignet.net
ServerAdmin admin@oignet.net
ErrorLog /usr/vservers/oig-net/ssl/logs/error.log
TransferLog /usr/vservers/oig-net/ssl/access.log
SSLEngine on
SSLCertificateFile /usr/local/apache/conf/opt-in-group/oignet.net.crt
SSLCertificateKeyFile /usr/local/apache/conf/opt-in-group/oignet.net.key
#SSLCACertificateFile /etc/httpd/conf/ssl.crt/ca-bundle.crt
<Files ~ "\.(cgi|shtml)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/etc/httpd/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
CustomLog /usr/local/apache/logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>