Currently I'm using `SSLPassPhraseDialog exec:/path/to/pass-phrase.sh` in the `/etc/apache2/mods-enabled/ssl.conf` file:

```bash
#!/bin/bash
echo "mypassphrase"
```

Everything works fine when I restart or start my apache server.

I tried to add my passphrase to my `.bashrc` like so: `export SSL_PASSPHRASE=mypassphrase`

and sourced the `.bashrc` file: `source ~/.bashrc`

After that I changed the `pass-phrase.sh` to

```bash
#!/bin/bash
echo $SSL_PASSPHRASE
```

Executing `./path/to/pass-phrase.sh` results in `mypassphrase`,

but when I try to restart my Apache server, an error occurs related to the passphrase:

> [Mon Dec 16 22:56:59.611824 2019] [ssl:emerg] [pid 19314] AH02580: Init: Pass phrase incorrect for key mysub.myinstance.com:443:0
> [Mon Dec 16 22:56:59.611883 2019] [ssl:emerg] [pid 19314] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
> [Mon Dec 16 22:56:59.611892 2019] [ssl:emerg] [pid 19314] SSL Library Error: error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error
> [Mon Dec 16 22:56:59.611898 2019] [ssl:emerg] [pid 19314] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
> [Mon Dec 16 22:56:59.611905 2019] [ssl:emerg] [pid 19314] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=RSAPrivateKey)
> [Mon Dec 16 22:56:59.611912 2019] [ssl:emerg] [pid 19314] SSL Library Error: error:04093004:rsa routines:old_rsa_priv_decode:RSA lib
> [Mon Dec 16 22:56:59.611937 2019] [ssl:emerg] [pid 19314] SSL Library Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag
> [Mon Dec 16 22:56:59.611947 2019] [ssl:emerg] [pid 19314] SSL Library Error: error:0D07803A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error (Type=PKCS8_PRIV_KEY_INFO)
> [Mon Dec 16 22:56:59.613065 2019] [ssl:emerg] [pid 19314] AH02564: Failed to configure encrypted (?) private key mysub.myinstance.com:443:0, check /etc/apache2/ssl/mykey.key

1 Answer

`.bashrc` configures your environment.

Apache is sometimes configured with a sudo to bind ports lower than 1024. And you probably have User and Group directives that define which user Apache will switch to once started.

All this to say that your Apache runs in a different environment than your user. It does not have access to the variables.

The "right" place to put such variables is in `$APACHE_ROOT/bin/envvars`.

Nic3500
  • Thanks for the clarification, I changed the location of the variable to `$APACHE_ROOT/bin/envvars` as you said, but I'm facing the same problem and the same errors. Notice that I'm using `sudo systemctl (start/stop/restart/status)` apache2 to manage my Apache server. – Chawki.Tlich Dec 17 '19 at 07:01
  • The `apachectl` command parses the `envvars` file. If you start Apache directly using `httpd` I think it does not process that file. Please confirm your startup. It all depends on how your `systemctl` entry is configured for apache2. – Nic3500 Dec 17 '19 at 15:53
  • Sorry for the delay, I'm quite sure I'm using **apachectl**. Apache version **2.4.41** and the `envvars` file is directly located under the `$APACHE_ROOT`, there is no `bin/` directory. – Chawki.Tlich Dec 20 '19 at 09:44
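
The behaviour the answer describes (a helper that prints the passphrase in the login shell but not under the server) can be reproduced without Apache. The script below is an added example, not code from the question or the answer: it runs a helper like the question's under an emptied environment and contrasts it with a hypothetical helper that reads a mode-600 file instead. All function names, paths and the passphrase are constructed, and `stat -c` assumes GNU coreutils or BusyBox.

```sh
#!/bin/sh
# Added example; every path and value below is constructed.

# Helper like the one in the question: prints an inherited variable.
make_env_helper() {
    printf '%s\n' '#!/bin/sh' 'echo "$SSL_PASSPHRASE"' > "$1"
}

# Alternative helper (assumption, not from the page): reads the passphrase
# from file $2 and refuses if group or others have any permission on it.
make_file_helper() {
    cat > "$1" <<EOF
#!/bin/sh
f="$2"
mode=\$(stat -c '%a' "\$f") || exit 1
case "\$mode" in
    *00) cat "\$f" ;;
    *)   echo "refusing: \$f has mode \$mode" >&2; exit 1 ;;
esac
EOF
}

# Run a helper with the caller's environment (the interactive test).
run_in_shell() { sh "$1"; }

# Run a helper with an emptied environment plus a minimal PATH, which
# approximates a daemon that never read ~/.bashrc.
run_like_service() { env -i PATH=/usr/bin:/bin sh "$1" 2>/dev/null; }

demo() {
    dir=$(mktemp -d) || return 1
    printf '%s\n' 'constructed-passphrase' > "$dir/pass.txt"
    chmod 600 "$dir/pass.txt"
    make_env_helper  "$dir/env-helper.sh"
    make_file_helper "$dir/file-helper.sh" "$dir/pass.txt"

    export SSL_PASSPHRASE='constructed-passphrase'  # as after "source ~/.bashrc"
    echo "env helper, interactive:  [$(run_in_shell "$dir/env-helper.sh")]"
    echo "env helper, service env:  [$(run_like_service "$dir/env-helper.sh")]"
    echo "file helper, service env: [$(run_like_service "$dir/file-helper.sh")]"
    chmod 644 "$dir/pass.txt"       # too permissive: helper must refuse
    echo "file helper, mode 644:    [$(run_like_service "$dir/file-helper.sh")]"
    rm -rf "$dir"
}

demo
```

An empty second line is the condition under which Apache logs AH02580: the helper ran, but handed back an empty passphrase.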