Name
SSLPassPhraseDialog
Synopsis
SSLPassPhraseDialog type
Default: builtin
Server config
Apache v2 only
When Apache starts up it has to read the various Certificate (see
SSLCertificateFile) and Private Key (see
SSLCertificateKeyFile) files of the
SSL-enabled virtual servers. The Private Key files are usually
encrypted, so mod_ssl needs to query the administrator for a
passphrase to decrypt those files. This query can be done in two
different ways, specified by type:
- builtin
  This is the default: an interactive dialog occurs at startup. The administrator has to type in the passphrase for each encrypted Private Key file. Since the same pass phrase may apply to several files, it is tried on all of them that have not yet been opened.
- exec:/path/to/program
  An external program is specified which is called at startup for each encrypted Private Key file. It is called with two arguments (the first is servername:portnumber; the second is either RSA or DSA), indicating the server and algorithm to use. It should then print the passphrase to stdout. The idea is that this program first runs security checks to make sure that the system is not compromised by an attacker. If these checks are passed, it provides the appropriate passphrase. Each passphrase is tried, as earlier, on all the unopened private key files.
Example
SSLPassPhraseDialog exec:/usr/local/apache/sbin/pp-filter
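An added example of what a program such as pp-filter could look like (it is not from the book or from mod_ssl). It assumes each pass phrase is stored as the first line of a file named servername:portnumber.RSA or servername:portnumber.DSA in a hypothetical directory PP_DIR, and it takes the "security checks" to be ownership and permission checks on that file; the function names are illustrative.

```sh
#!/bin/sh
# Added example of a program for "SSLPassPhraseDialog exec:..." (not from the book).
# Assumption: each key's pass phrase is the first line of a file named
# "<servername:portnumber>.<RSA|DSA>" in PP_DIR (a hypothetical location).
PP_DIR=${PP_DIR:-/usr/local/apache/conf/pp}

pp_err() { echo "pp-filter: $*" >&2; }

# True only if $1 is a regular file (not a symlink), owned by the user running
# this program, mode 0400 or 0600, in a directory group/other cannot write to.
pp_file_is_private() {
    [ -f "$1" ] && [ ! -L "$1" ] && [ -O "$1" ] || return 1
    case $(ls -ld -- "$1" | cut -c1-10) in
        -r[w-]-------) ;;
        *) return 1 ;;
    esac
    case $(ls -ld -- "$(dirname "$1")" | cut -c1-10) in
        d????-??-?) ;;
        *) return 1 ;;
    esac
}

# $1 = servername:portnumber, $2 = RSA or DSA, as passed by mod_ssl.
# Writes the pass phrase to stdout; on any failed check stdout stays empty.
pp_lookup() {
    [ "$#" -eq 2 ] || { pp_err "expected two arguments"; return 1; }
    case $1 in                       # no "/" allowed, so no path traversal
        *[!A-Za-z0-9._:-]*|:*) pp_err "bad server argument"; return 1 ;;
        *:*) ;;
        *) pp_err "bad server argument"; return 1 ;;
    esac
    case ${1##*:} in                 # text after the last ":" must be a port
        ''|*[!0-9]*) pp_err "bad port"; return 1 ;;
    esac
    case $2 in
        RSA|DSA) ;;
        *) pp_err "bad algorithm"; return 1 ;;
    esac
    file=$PP_DIR/$1.$2
    pp_file_is_private "$file" || { pp_err "refusing $file"; return 1; }
    IFS= read -r phrase < "$file" || [ -n "$phrase" ] || return 1
    printf '%s\n' "$phrase"
}

# Run as a program only when given arguments, so the file can also be sourced.
if [ "$#" -gt 0 ]; then pp_lookup "$@"; fi
```

Error messages go to stderr so that stdout carries nothing but the pass phrase.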