Remove SSL certificate passphrase

A lot of people ask how they can remove the passphrase requirements from a private key so that Apache can be (re)started without the need to re-enter the key’s passphrase.

Security warning

Once you remove the requirement for the passphrase, the certificate can be easily copied and used elsewhere, thus raising the risk of it being abused. If you must remove the passphrase then you must take adequate protection in the storage of the file. Ensure that the permissions are set to only allow access to those who need it.

Now that you have been warned about the risks, we can continue onto the options

1) httpd has a directive you can use, SSLPassPhraseDialog.
2) You can use OpenSSL to remove the passphrase from the certificate completely.

An example usage of SSLPassPhraseDialog :

SSLPassPhraseDialog exec:/path/to/script

N.B. 'SSLPassPhraseDialog' can only be used in the main server config, and must be outside of any <Directory> or <Location> blocks.

Inside an example perl script:

#!/bin/sh
echo "put the passphrase here"

After saving the passphrase script, set the file executable

chmod +x /path/to/passphrase-script

How to strip a key with OpenSSL

With OpenSSL you can actually remove the passphrase from the SSL key completely. This will avoid Apache asking you to enter the passphrase every time it is started. To do this go to the command line and type

/path/to/openssl rsa -in /path/to/originalkeywithpass.key -out /path/to/newkeywithnopass.key

with the file names and paths appropriate for your environment.

[Solved] Instance Status Checks – Failed – AWS EC2 Ubuntu Redhat

1) Stop the Instance (Problem Instance)
2) Detach the Volume (Problem Volume)
3) Fire up another Instance (New Instance)
4) Attach the Problem Volume to the New Instance
5) Start the New Instance
6) Mount the Problem Volume to /ebs
sudo mount /dev/xvdf1 /ebs -t ext4
7) Edit /ebs/etc/fstab
8) Unmount the Problem Volume
sudo umount /ebs
9) Detach the Problem Volume from the New Instance
10) Stop the New Instance
11) Detach the Problem Volume from the New Instance
12) Attach the Problem Volume back to the Problem Instance
Device Name: /dev/sda1
13) Start the Problem Instance

Hope you have your instance rebooted 🙂

Automatically SSL without Passphrase Prompt on Apache2 Restart or Server Reboot

You need to remove encryption from your private key file like this:

openssl rsa -in server.key -out server.key.new
mv server.key.new server.key

Make sure the new key file is only readable by root – otherwise anyone with shell access to this server will be able to grab the private key and impersonate your server.

To make the key readable only by root, do ‘chmod 600 server.key.new’ before swapping keys.

Now you should have Httpd Apache2 automatically started without SSL Passphrase prompt.

Redirect www to non www URL Using HTACCESS for WordPress

Learn to redirect www to non-www URLs or non www to www URLs using .htaccess file. You can do 301 permanent redirect on shared server with multiple domains also. If you have a self hosted WordPress website, you it would be useful for you.

mod_rewrite module of Apache server

Apache server uses modules for various functionalists. mod_rewrite is a module that enables redirection and URL rewriting. If this module is installed and available on Apache server, only then your redirection will work.

If mod_rewrite is available, it will take your redirection commands from .htaccess file.

Redirect old domain to new domain

<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www.olddomainname.com$ [OR]
RewriteCond %{HTTP_HOST} ^olddomainname.com$
RewriteRule ^(.*)$ http://www.newdomainname.com/$1 [R=301,L]
</IfModule>

Redirect www to non-www URL Domain

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www.example.com [NC]
RewriteRule ^(.*) http://example.com/$1 [L,R=301]
</IfModule>

Redirect non-www to www URL Domain

<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com [nocase]
RewriteRule ^(.*) http://www.example.com/$1 [last,redirect=301]
</IfModule>