Enter SSL Pass Phrase
If you set a passphrase when creating the private key for your SSL configuration, you must enter that passphrase every time the httpd service restarts.
[root@test ~]# systemctl restart httpd
Enter SSL pass phrase for www.example.com:443 (RSA) : ********
This can be annoying while you are configuring and testing your web server. Worse, you have no chance to enter the passphrase if a system reboot is scheduled as a cron job.
There are two methods to stop the passphrase prompt.
Remove PassPhrase from Private Key
Here we use openssl to write the RSA key to a new file without specifying any encryption options.
[root@test ~]# openssl rsa -in /etc/pki/tls/private/www.example.com.key -out /etc/pki/tls/private/www.example.com.key-no-passphrase
Enter pass phrase for /etc/pki/tls/private/www.example.com.key:
writing RSA key
As you can see, we have an output file which is the private key without a passphrase.
Then we use the no-passphrase private key as our key file.
[root@test ~]# vi /etc/httpd/conf/httpd.conf
Now you can restart the httpd server without the passphrase prompt.
Please note that an unencrypted private key may add some security risk to your server. However, it's convenient during the system testing phase. Besides, you can switch it back afterward.
Provide PassPhrase in Advance
To provide the passphrase, you have to create a script file that echoes it.
[root@test ~]# vi /etc/httpd/passphrase
Please note that if your passphrase contains any special character, for example a dollar sign ($) or a semicolon (;), you have to use a backslash (\) to escape it. Otherwise, the service fails to start.
Then make it executable.
[root@test ~]# chmod u+x /etc/httpd/passphrase
Go back to the SSL configuration file, and replace the dialog file at around line 18 with the new file.
[root@test ~]# vi /etc/httpd/conf.d/ssl.conf -c "se nu"
18 #SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
19 SSLPassPhraseDialog exec:/etc/httpd/passphrase
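A check for the files both methods leave behind, as an added example that is not part of the original article: it reports whether a key file is still encrypted (by its PEM header) and whether the key or the passphrase script is accessible to group or other users. The sample files, their modes and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the files created by the two methods on this page.

# Succeeds if the PEM file carries an encryption marker:
# PKCS#8 ("BEGIN ENCRYPTED PRIVATE KEY") or traditional ("Proc-Type: 4,ENCRYPTED").
key_is_encrypted() {
    grep -Eq -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----|^Proc-Type: 4,ENCRYPTED' -- "$1"
}

# Succeeds if group and other have no permission bits on the file.
mode_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# Prints one verdict for a private key file.
audit_key() {
    if key_is_encrypted "$1"; then
        echo "encrypted"
    elif mode_is_private "$1"; then
        echo "unencrypted-private"
    else
        echo "unencrypted-exposed"
    fi
}

# Prints one verdict for the SSLPassPhraseDialog script, which holds the passphrase.
audit_dialog() {
    if mode_is_private "$1"; then echo "private"; else echo "exposed"; fi
}

# Constructed sample files (PEM headers only, no real key material).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: AES-256-CBC,00' '' 'CONSTRUCTED' '-----END RSA PRIVATE KEY-----' \
    > "$SAMPLES/www.key"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'CONSTRUCTED' \
    '-----END RSA PRIVATE KEY-----' > "$SAMPLES/www.key-no-passphrase"
printf '%s\n' '#!/bin/sh' 'echo "constructed-passphrase"' > "$SAMPLES/passphrase"
chmod 600 "$SAMPLES/www.key"
chmod 644 "$SAMPLES/www.key-no-passphrase"
chmod 744 "$SAMPLES/passphrase"   # what "chmod u+x" yields on a 644 file

for f in www.key www.key-no-passphrase; do
    echo "$f: $(audit_key "$SAMPLES/$f")"
done
echo "passphrase: $(audit_dialog "$SAMPLES/passphrase")"
```

On a real server, point the functions at /etc/pki/tls/private/www.example.com.key-no-passphrase and /etc/httpd/passphrase. Running `chmod 600` on the key and `chmod 700` on the dialog script clears the exposed verdicts.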