passphrasedialog help...

on 16.09.2002 20:18:23 by Rick Kukiela

I'm running a server that has a lot of virtual hosts with ssl enabled on
them. The problem I'm having is that all of the servers have encrypted key
files and their own little passphrase dialog binary that outputs the password
to stdout.

Here is what I did, I put this for every vhost with ssl:

# start ssl vhost for www.domain.com


SSLPassPhraseDialog exec:/websites/www.domain.com/www_ssl/phrase

NameVirtualHost 192.168.1.20:443

and so on and so on.

I looked in the log when the server startup failed and what it appears to be
doing is taking the last occurrence of the passphrasedialog line in the file
and using it for all the virtualhosts instead of using each passphrasedialog
for each virtual host. This process must be automated as I cannot sit here
and type in 40 to 60 passwords every time the server is loaded.

Please help me, I don't know what I'm doing wrong but I need this to work.

TIA
Rick Kukiela

____________________________________________________________ __________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List modssl-users@modssl.org
Automated List Manager majordomo@modssl.org

Re: passphrasedialog help...

on 16.09.2002 22:52:56 by Horst

I am sure I am missing something, but if you have all passphrases
present on one machine you may as well have just one passphrase and
separate the VirtualHost and HAVE_SSL blocks from each other?

Also, not exactly the answer to your question/approach, but a consideration
may be removing all pass phrase(s) from the .../ssl.key/server.key
(if your machine is in a safe environment) by using something like:

openssl rsa -in server.key -out server_wo.key

I recommend saving the keys before copying the server_wo.key to the *real*
location and file name, and practicing with openssl in a tmp directory.

BTW, I have 50+ virtual domains protected by only *one* passphrase in
server.key .

Good luck ........................ Horst
http://www.modssl.org/docs/2.8/ssl_reference.html#ToC2


On Mon, 16 Sep 2002, Rick Kukiela wrote:

> I'm running a server that has a lot of virtual hosts with ssl enabled on
> them. The problem I'm having is that all of the servers have encrypted key
> files and their own little passphrase dialog binary that outputs the password
> to stdout.
>
> Here is what I did, I put this for every vhost with ssl:
>
> # start ssl vhost for www.domain.com
>
>
> SSLPassPhraseDialog exec:/websites/www.domain.com/www_ssl/phrase
>

> NameVirtualHost 192.168.1.20:443
>
> and so on and so on.
>
> I looked in the log when the server startup failed and what it appears to be
> doing is taking the last occurrence of the passphrasedialog line in the file
> and using it for all the virtualhosts instead of using each passphrasedialog
> for each virtual host. This process must be automated as I cannot sit here
> and type in 40 to 60 passwords every time the server is loaded.
>
> Please help me, I don't know what I'm doing wrong but I need this to work.
>
> TIA
> Rick Kukiela

Re: passphrasedialog help...

on 16.09.2002 23:05:40 by Jeroen Vriesman

Strange that it only seems to accept one exec: ...phrase for all the virtual hosts.

This is what I would do:

Make an expect script which reads the name of the virtual host the server is asking the password for, and make it execute the right "phrase" executable (or read it from a file), and make it reply to the server's request.
Then start the server with the expect script.

For safety you could encrypt the file with the key passwords and make the expect script ask for one password.



On Mon, 16 Sep 2002 13:18:23 -0500
"Rick Kukiela" wrote:

> I'm running a server that has a lot of virtual hosts with ssl enabled on
> them. The problem I'm having is that all of the servers have encrypted key
> files and their own little passphrase dialog binary that outputs the password
> to stdout.
>
> Here is what I did, I put this for every vhost with ssl:
>
> # start ssl vhost for www.domain.com
>
>
> SSLPassPhraseDialog exec:/websites/www.domain.com/www_ssl/phrase
>

> NameVirtualHost 192.168.1.20:443
>
> and so on and so on.
>
> I looked in the log when the server startup failed and what it appears to be
> doing is taking the last occurrence of the passphrasedialog line in the file
> and using it for all the virtualhosts instead of using each passphrasedialog
> for each virtual host. This process must be automated as I cannot sit here
> and type in 40 to 60 passwords every time the server is loaded.
>
> Please help me, I don't know what I'm doing wrong but I need this to work.
>
> TIA
> Rick Kukiela
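
mod_ssl documents SSLPassPhraseDialog as a server-wide directive whose exec: program is called with two arguments, "servername:port" and "RSA" or "DSA", which is why only one exec: line takes effect in the setup described in this thread. The following is an added example, not code from any poster or from mod_ssl: a single global dispatcher that hands each request to the per-vhost phrase program from the original post. `PHRASE_ROOT`, `dispatch_phrase` and the install path in the comment are assumptions.

```shell
#!/bin/sh
# Added example: one global target for SSLPassPhraseDialog exec:.
# httpd.conf, server config (install path is hypothetical):
#   SSLPassPhraseDialog exec:/usr/local/apache/bin/phrase-dispatch
# mod_ssl calls it once per encrypted key as:
#   phrase-dispatch "servername:port" "RSA"|"DSA"
# PHRASE_ROOT is an assumption; the layout <root>/<servername>/www_ssl/phrase
# is the one used in the original post.
PHRASE_ROOT="${PHRASE_ROOT:-/websites}"

dispatch_phrase() {
    host="${1%%:*}"            # strip ":port" from "servername:port"
    algo="${2:-RSA}"

    # Accept only a plain hostname, so the argument can never select a
    # program outside PHRASE_ROOT (no "/", no "..", no leading dot).
    case "$host" in
        ""|.*|*..*|*[!A-Za-z0-9.-]*)
            echo "bad server name" >&2
            return 2 ;;
    esac
    case "$algo" in
        RSA|DSA) ;;
        *)  echo "bad algorithm" >&2
            return 2 ;;
    esac

    prog="$PHRASE_ROOT/$host/www_ssl/phrase"
    if [ ! -x "$prog" ]; then
        echo "no phrase program for $host" >&2
        return 1
    fi
    # The per-vhost program prints its passphrase on stdout; pass the
    # original arguments through unchanged.
    "$prog" "$1" "$algo"
}

# Act as the exec: target only when called with arguments.
if [ "$#" -ge 1 ]; then
    dispatch_phrase "$@"
fi
```

The dispatcher and every per-vhost phrase program should be owned by root and not readable or writable by the account the web server runs as, since anyone who can run them obtains the passphrases.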