Apache2で起動時にSSL証明書の秘密鍵のパスフレーズを自動入力する設定

高瀬 裕介 1,069views 更新:2013年7月9日

/etc/httpd/conf.d/ssl.conf

# Pass Phrase Dialog:
# Configure the pass phrase gathering process.
# The filtering dialog program (`builtin' is a internal
# terminal dialog) has to provide the pass phrase on stdout.
#SSLPassPhraseDialog builtin #コメントアウト
SSLPassPhraseDialog exec:/etc/httpd/ppfilter.sh #追加
...
# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A new
# certificate can be generated using the genkey(1) command.
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt 
SSLCertificateFile /etc/httpd/conf/ssl.crt/yourdomain.crt
# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key 
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/yourdomain.key
# Server Certificate Chain:
# Point SSLCertificateChainFile at a file containing the
# concatenation of PEM encoded CA certificates which form the
# certificate chain for the server certificate. Alternatively
# the referenced file can be the same as SSLCertificateFile
# when the CA certificates are directly appended to the server
# certificate for convinience.
#SSLCertificateChainFile /etc/pki/tls/certs/server-chain.crt
SSLCertificateChainFile /etc/httpd/conf/ssl.crt/ca2011.crt

/etc/httpd/ppfilter.sh

#!/bin/sh
/bin/echo "YourPassword"

パーミッション変更

chmod +x /etc/httpd/ppfilter.sh
chown apache: /etc/httpd/ppfilter.sh

ログイン / 新規登録してコメントする

このソースコードをストックして後で利用したり、作業に利用したソースコードをまとめることができます。

こちらもお役に立つかもしれません