Apache – Checking if Apache requires SSL pass-phrase

apache-httpdconfigurationopenssl

I'm thinking about restarting a client's Apache server, but I'm reluctant to do so because I know he's currently running HTTPS and I don't want to get stuck with the server prompting me for the SSL Passphrase (which I don't have and he's not sure if there is one or not).

Is there a quick/easy way to check whether Apache will require the SSL pass phrase before restarting it?

Best Answer

You could check whether the private key is password protected by running

$ openssl rsa -in /path/to/private.key -check -noout

If this prompts you for the password, the key is obviously password protected.

Related Solutions

Apache – How to configure SSL for Apache2 on OpenSuSE 13.1

You also need to add the SSL flag to APACHE_SERVER_FLAGS in /etc/sysconfig/apache2.

# Notably, to enable ssl support, 'SSL' needs to be added here.
# To enable the server-status, 'STATUS' needs to be added here.
#
# It does not matter if you write flag1, -D flag1 or -Dflag1.
# Multiple flags can be given as "-D flag1 -D flag2" or simply "flag1 flag2".
#
# Specifying such flags here is equivalent to giving them on the commandline.
# (e.g. via rcapache2 start -DReverseProxy)
#
# Example:
#      "SSL STATUS AWSTATS SVN_VIEWCVS no_subversion_today"
#
APACHE_SERVER_FLAGS="SSL"

Apache – Use Different OpenSSL for Apache

First, you should get the desired version of OpenSSL and install it at a location where it will not interfere with your system version, e.g. /opt:

$ ./config \
    --prefix=/opt/openssl-VERSION \
    --openssldir=/opt/openssl-VERSION
$ make
$ sudo make install

Next, get the latest Apache 2.4.x, APR and APR-Util libraries. You will need to unpack all three packages into the same source tree, with the latter two in the location where Apache expects them. For example:

$ tar zxvf httpd-VERSION.tar.gz
$ cd httpd-VERSION/srclib/
$ tar zxvf ../../apr-VERSION.tar.gz
$ ln -s apr-VERSION/ apr
$ tar zxvf ../../apr-util-VERSION.tar.gz
$ ln -s apr-util-VERSION/ apr-util

Then, configure and install Apache. The mod_ssl module will be compiled statically, with all other modules dynamically, like this:

$ ./configure \
    --prefix=/opt/httpd \
    --with-included-apr \
    --enable-ssl \
    --with-ssl=/opt/openssl-VERSION \
    --enable-ssl-staticlib-deps \
    --enable-mods-static=ssl
$ make
$ sudo make install

Best Answer

Related Solutions

Apache – How to configure SSL for Apache2 on OpenSuSE 13.1

Apache – Use Different OpenSSL for Apache

Related Question