Oct 29, 2009

Quick Tip: Auto enter password for your SSL Certificate in Apache2

If you're using an SSL certificate whose private key is protected with a passphrase, you know that you need to enter that passphrase every single time you restart your web server. Since Linux is so stable these days it's hardly a big problem, but if something goes wrong while you're on vacation or away from your computer, it could become a big deal. One solution is to remove the passphrase from the key so that Apache doesn't ask you for it. But there's another way too.


Basically it boils down to creating a small executable script that prints your passphrase and then pointing Apache to it. Since we love Ruby around here, we'll show you how to create the passphrase script using it.

#!/usr/bin/ruby
# Apache runs this script and reads the passphrase from its standard output.
puts "passphrase"


Save that somewhere and then add this to your /etc/apache2/httpd.conf file:

SSLPassPhraseDialog exec:/path/to/passphrase


Lastly, let's make sure that file is executable:

sudo chmod +x /path/to/passphrase


That should be it. Let's stop Apache and then start it again:

sudo apache2ctl stop
sudo apache2ctl start


If all went well, you weren't asked for a passphrase and your Apache server is still running!

There are some disadvantages though. One of the biggest reasons to put a passphrase on your SSL cert's private key is to prevent it from being hijacked. If a cracker can get into your server and take the cert, he/she might also be able to get your passphrase file. That's no good. So be sure to put your passphrase somewhere secure and protect your server.
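
One way to check that the passphrase script is actually locked down, as an added example that is not part of the original post: a plain chmod +x on a file created with the usual umask typically leaves it at mode 0755, so every local account can read the passphrase. The function name audit_passphrase_helper, its expected_uid parameter and the throwaway helper file are assumptions made for this example.

```ruby
require "tmpdir"

# Audit a helper referenced by "SSLPassPhraseDialog exec:<path>".
# Returns an array of findings; an empty array means no problem was found.
# expected_uid is the account that should own the helper (root, uid 0, on a
# real server; overridable so the check can be exercised without root).
def audit_passphrase_helper(path, expected_uid: 0)
  findings = []
  st = File.lstat(path)
  return ["#{path} is a symlink; point Apache at the real file"] if st.symlink?

  mode = st.mode & 0o7777
  findings << "owner uid is #{st.uid}, expected #{expected_uid}" unless st.uid == expected_uid
  findings << "not executable by owner" if (mode & 0o100).zero?
  findings << format("group/other can access it (mode %04o); use 0700", mode) unless (mode & 0o077).zero?
  findings << "setuid/setgid bit set" unless (mode & 0o6000).zero?

  # Anyone who can write to the directory can swap the helper for another file.
  dir = File.stat(File.dirname(path))
  if (dir.mode & 0o022) != 0 || dir.uid != expected_uid
    findings << "parent directory is group/world-writable or not owned by the expected account"
  end
  findings
end

# Constructed demo: a throwaway helper in a private temp directory, audited
# first at mode 0755 (what "chmod +x" typically produces), then at 0700.
def demo
  Dir.mktmpdir do |dir|
    helper = File.join(dir, "passphrase")
    File.write(helper, "#!/bin/sh\necho 'constructed-example-passphrase'\n")
    File.chmod(0o755, helper)
    loose = audit_passphrase_helper(helper, expected_uid: Process.euid)
    File.chmod(0o700, helper)
    tight = audit_passphrase_helper(helper, expected_uid: Process.euid)
    [loose, tight]
  end
end

if __FILE__ == $PROGRAM_NAME
  loose, tight = demo
  puts "mode 0755: #{loose.inspect}"
  puts "mode 0700: #{tight.inspect}"
end
```

On a real server, run the audit as root against the path given to SSLPassPhraseDialog and leave expected_uid at its default of 0.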

3 comments:

  1. Thanks for this article. It really came in handy and was exactly what I needed when I needed it.

    I would like to mention that a good secure place for the passphrase is an external USB flash drive. That's what I'm doing.

  2. Thanks! It did help very well... but you don't need to use Ruby; a simple echo "password" does the same :)

  3. Thanks a lot!
    It's a really helpful article.
    It also runs in CentOS 6.
