apachectl startssl（怎样才能跳过启动时输入密码）已解决

QUOTE:

原帖由 "haoyufu" 发表：
platinum  brother

说的对

QUOTE:

原帖由 "platinum" 发表：
谢谢你，这个做法我知道

但我想知道，像这种方式（没有证书的）的 https，除了在网络中不是以明文传输以外，并不能保证数据的安全吧？
我是这样理解的，别人截取以后一样可以还原，不知道说的对吗？

QUOTE:

原帖由 "platinum"]老乔进来看看 [/quote 发表：


http://w.yi.org/ftp/FAPM/apache/Apache2/zh/ssl/ssl_faq.html
[quote]

How can I get rid of the pass-phrase dialog at Apache startup time?
The reason why this dialog pops up at startup and every re-start is that the RSA private key inside your server.key file is stored in encrypted format for security reasons. The pass-phrase is needed to be able to read and parse this file. When you can be sure that your server is secure enough you perform two steps:

Remove the encryption from the RSA private key (while preserving the original file):

$ cp server.key server.key.org
$ openssl rsa -in server.key.org -out server.key


Make sure the server.key file is now only readable by root:

$ chmod 400 server.key


Now server.key will contain an unencrypted copy of the key. If you point your server at this file it will not prompt you for a pass-phrase. HOWEVER, if anyone gets this key they will be able to impersonate you on the net. PLEASE make sure that the permissions on that file are really such that only root or the web server user can read it (preferably get your web server to start as root but run as another server, and have the key readable only by root).

As an alternative approach you can use the ``SSLPassPhraseDialog exec:/path/to/program'' facility. But keep in mind that this is neither more nor less secure, of course.