Remove SSL certificate passphrase

A lot of people ask how they can remove the passphrase requirements from a private key so that Apache can be (re)started without the need to re-enter the key’s passphrase.

Security warning

Once you remove the requirement for the passphrase, the certificate can be easily copied and used elsewhere, thus raising the risk of it being abused. If you must remove the passphrase then you must take adequate protection in the storage of the file. Ensure that the permissions are set to only allow access to those who need it.

Now that you have been warned about the risks, we can continue onto the options

1) httpd has a directive you can use, SSLPassPhraseDialog.
2) You can use OpenSSL to remove the passphrase from the certificate completely.

An example usage of SSLPassPhraseDialog :

SSLPassPhraseDialog exec:/path/to/script

N.B. 'SSLPassPhraseDialog' can only be used in the main server config, and must be outside of any <Directory> or <Location> blocks.

Inside an example perl script:

#!/bin/sh
echo "put the passphrase here"

After saving the passphrase script, set the file executable

chmod +x /path/to/passphrase-script

How to strip a key with OpenSSL

With OpenSSL you can actually remove the passphrase from the SSL key completely. This will avoid Apache asking you to enter the passphrase every time it is started. To do this go to the command line and type

/path/to/openssl rsa -in /path/to/originalkeywithpass.key -out /path/to/newkeywithnopass.key

with the file names and paths appropriate for your environment.

[Solved] Instance Status Checks – Failed – AWS EC2 Ubuntu Redhat

1) Stop the Instance (Problem Instance)
2) Detach the Volume (Problem Volume)
3) Fire up another Instance (New Instance)
4) Attach the Problem Volume to the New Instance
5) Start the New Instance
6) Mount the Problem Volume to /ebs
sudo mount /dev/xvdf1 /ebs -t ext4
7) Edit /ebs/etc/fstab
8) Unmount the Problem Volume
sudo umount /ebs
9) Detach the Problem Volume from the New Instance
10) Stop the New Instance
11) Detach the Problem Volume from the New Instance
12) Attach the Problem Volume back to the Problem Instance
Device Name: /dev/sda1
13) Start the Problem Instance

Hope you have your instance rebooted :)

Automatically SSL without Passphrase Prompt on Apache2 Restart or Server Reboot

You need to remove encryption from your private key file like this:

openssl rsa -in server.key -out server.key.new
mv server.key.new server.key

Make sure the new key file is only readable by root – otherwise anyone with shell access to this server will be able to grab the private key and impersonate your server.

To make the key readable only by root, do ‘chmod 600 server.key.new’ before swapping keys.

Now you should have Httpd Apache2 automatically started without SSL Passphrase prompt.

Check CPU Usage of Ubuntu Redhat Linux

To get CPU usage, best way is to read /proc/stat file. See man 5 proc for more help.

There is a useful script written by Paul Colby.

#!/bin/bash
# by Paul Colby (http://colby.id.au), no rights reserved ;)

PREV_TOTAL=0
PREV_IDLE=0

while true; do

 CPU=(`cat /proc/stat | grep '^cpu '`) # Get the total CPU statistics.
 unset CPU[0] # Discard the "cpu" prefix.
 IDLE=${CPU[4]} # Get the idle CPU time.

 # Calculate the total CPU time.
 TOTAL=0

 for VALUE in "${CPU[@]:0:4}"; do
 let "TOTAL=$TOTAL+$VALUE"
 done

 # Calculate the CPU usage since we last checked.
 let "DIFF_IDLE=$IDLE-$PREV_IDLE"
 let "DIFF_TOTAL=$TOTAL-$PREV_TOTAL"
 let "DIFF_USAGE=(1000*($DIFF_TOTAL-$DIFF_IDLE)/$DIFF_TOTAL+5)/10"
 echo -en "\rCPU: $DIFF_USAGE% \b\b"

 # Remember the total and idle CPU times for the next check.
 PREV_TOTAL="$TOTAL"
 PREV_IDLE="$IDLE"

 # Wait before checking again.
 sleep 1
done

Save it to ~/cpu_usage, add execute permission sudo chmod +x ~/cpu_usage and run:

~/cpu_usage

To stop the script, hit Ctrl + C

Adding Timestamp Date Time while Saving a Log File from Crontab Cronjob Ubuntu Redhat Linux

This is just a quick solution to put a timestamp with each line of the output of some command in Ubuntu Redhat Linux (*nix). It’s a very simple thing, thought I’d write it down here so maybe it’ll help somebody some day.

I have a cron job running on my server, it’s a high frequency job so I don’t want to send email reports each time, I’m logging it into a file, but I want to log the timestamp of each time it runs and logs something to this file, I didn’t want to change the code behind it to also print the timestamp with each write to the output, so I pipelined the command to a simple bash script that will append the timestamp to each line in the output then write the result to the stdout again.

Here is the bash script for sudo nano ~/timestamp.sh

#!/bin/bash
while read x; do
 echo -n `date +%d/%m/%Y\ %H:%M:%S`;
 echo -n " ";
 echo $x;
done

Then I edited the cron job crontab -e line to be like this:

* 9 * * 1-5 ~/my-cronjob-command.sh 2>&1 | ~/timestamp.sh >> /var/log/cron/my-cronjob-command.log

And you’re done!

Enjoy it.