I recently ran into a site where I had to enter the pass phrase to restart Apache, but I wasn't 100% certain of the password and didn't want to bring down the live site if I didn't have to. I did a little searching and found this useful trick for testing it with openssl:
openssl s_server -cert crt/public.crt -key private/private.key -www
When you run that, if your key was created with a pass phrase, you will be prompted for it, so you can confirm you have the right pass phrase for the private key without having to worry about killing the site. s_server then listens on its default port (4433) until you stop it with Ctrl-C.
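The same check can be done without starting a listener or typing at a prompt. The script below is an added example, not part of the original post: it assumes an openssl CLI with the pkey subcommand, the function names are hypothetical, and the key and certificate it tests are throwaway material constructed on the spot.

```shell
#!/bin/sh
# Added example: verify a key's pass phrase offline, without touching Apache.

# check_passphrase KEYFILE PASSPHRASE -> exit 0 if the pass phrase decrypts the key.
# The pass phrase travels in the environment, so it never shows up in `ps` output.
# Note: an unencrypted key is accepted with any pass phrase.
check_passphrase() {
    KEYPASS="$2" openssl pkey -in "$1" -passin env:KEYPASS -noout 2>/dev/null
}

# key_matches_cert KEYFILE CERTFILE PASSPHRASE -> exit 0 if the certificate
# carries the public half of this private key.
key_matches_cert() {
    key_pub=$(KEYPASS="$3" openssl pkey -in "$1" -passin env:KEYPASS -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ]
}

# make_sample DIR PASSPHRASE -> constructed test material:
# an AES-encrypted RSA key and a one-day self-signed certificate.
make_sample() {
    KEYPASS="$2" openssl genrsa -aes256 -passout env:KEYPASS \
        -out "$1/private.key" 2048 2>/dev/null &&
    KEYPASS="$2" openssl req -new -x509 -key "$1/private.key" -passin env:KEYPASS \
        -subj "/CN=example.test" -days 1 -out "$1/public.crt" 2>/dev/null
}

# Demo on constructed material; point the functions at your real files instead.
tmp=$(mktemp -d)
make_sample "$tmp" "constructed-pass-phrase"
n=0
for guess in "wrong-guess" "constructed-pass-phrase"; do
    n=$((n + 1))
    if check_passphrase "$tmp/private.key" "$guess"; then
        echo "guess $n: pass phrase accepted"
    else
        echo "guess $n: pass phrase rejected"
    fi
done
if key_matches_cert "$tmp/private.key" "$tmp/public.crt" "constructed-pass-phrase"; then
    echo "key matches certificate"
fi
rm -rf "$tmp"
```
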
If you really don't want to have to enter the pass phrase and you don't have the time or inclination to re-do the certificate, you can get away with using expect. Here is a sample script:
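#!/usr/bin/expect -f
# This is an expect (Tcl) script, not bash: variables are assigned with "set".
# The pass phrase sits here in clear text, so keep this file readable by root only.
set password "secret"
set scriptname /usr/apache/bin/apachectl
set arg1 start
# -1 means wait for the prompt indefinitely
set timeout -1
# run the given script with its argument
spawn $scriptname $arg1
match_max 100000
# Look for password prompt
expect "*?ass phrase:*"
# Send password aka $password
send -- "$password\r"
# send blank line (\r) to make sure we get back to gui
send -- "\r"
expect eof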
You can use expect for other programs. The only thing you might have to work on is the expect part, where you have to give expect the prompt text to look for.
Wednesday, October 21, 2009