Bug#773405: systemd: Systemd cannot restart apache2.service because of SSL certificate with password

Michael Biebl biebl at debian.org
Thu Dec 18 12:34:45 GMT 2014


Am 18.12.2014 um 13:09 schrieb Michael Biebl:
> Am 18.12.2014 um 03:25 schrieb Dupont Francois:
>> Package: systemd
>> Version: 215-7
>> Severity: important
>>
>> Dear Maintainer,
>>
>>
>>     I've created a new SSL certificate with a password for a website. 
>>     After properly configuring my apache configuration file, I tried to restart apache2.service (after a valid apachectl -t).
>>     I couldn't do it, apache refuses to restart.
>>     systemd seems to not give the opportunity to enter the certificate's password (needed for a proper apache2 restart/reload in this case).
>>     
> 
> 
> I would suggest simply using a passwordless certificate.
> If you insist on using a passphrase, you should try apache's
> SSLPassPhraseDialog configuration directive.
> This way you can either feed the passphrase to apache statically via a
> simple shell script which echoes the password string, or you use
> systemd's password agent interface [2] to query for the password via the
> systemd-ask-password command line tool.
> 
> Imho this is simply a configuration issue and not a bug in systemd, so
> I'm inclined to close the bug report or maybe re-assign to the apache
> package, so it can be added to its README.Debian (or a similar file)
> 
> 
> [1] http://httpd.apache.org/docs/2.4/mod/mod_ssl.html#sslpassphrasedialog
> [2] http://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/
> 

Related to that:

https://bugzilla.redhat.com/show_bug.cgi?id=707917

Might be worth having a look at the httpd-ssl-pass-dialog script that is
shipped in the Fedora package.


@apache maintainers: Are you ok if we re-assign this to the apache
package and handle it there? You can keep the pkg-systemd-maintainers in
CC if there are further questions.

Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
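
Added example (not part of the original message, and not the Fedora httpd-ssl-pass-dialog script): a sketch of an SSLPassPhraseDialog exec helper covering both options discussed above, a stored passphrase that is only used if the file is private to the calling user, and otherwise a prompt through systemd-ask-password. The script path, PASS_DIR and the ".pass" file naming are assumptions made for the illustration; the permission check relies on GNU stat.

```shell
#!/bin/sh
# Pass-phrase helper for mod_ssl (added example). Server-level Apache config:
#   SSLPassPhraseDialog exec:/usr/local/sbin/apache-pass-dialog   # hypothetical path
# mod_ssl calls it with "servername:portnumber" and the key type, reads stdout.

# Hypothetical directory of stored passphrases, one file per "server:port".
PASS_DIR="${PASS_DIR:-/etc/apache2/ssl-pass}"

# True only for a regular, non-symlink file owned by the caller, mode 0600/0400.
is_private_file() {
    [ -f "$1" ] && [ ! -L "$1" ] || return 1
    meta=$(stat -c '%a %u' "$1") || return 1   # GNU stat: octal mode, owner uid
    [ "${meta#* }" = "$(id -u)" ] || return 1
    case "${meta% *}" in
        [46]00) return 0 ;;
        *) return 1 ;;
    esac
}

get_passphrase() {
    server=$1
    keytype=${2:-key}
    # Reject names that are empty or could escape PASS_DIR.
    case "$server" in
        ''|*/*|*..*) return 2 ;;
    esac
    file="$PASS_DIR/$server.pass"
    if is_private_file "$file"; then
        head -n 1 "$file"          # static passphrase, first line only
        return 0
    fi
    if [ -e "$file" ]; then
        # A stored passphrase readable by others is a finding, not a fallback case.
        echo "refusing $file: need regular file, mode 0600/0400, uid $(id -u)" >&2
        return 3
    fi
    # Nothing stored: query via systemd's password agent interface.
    systemd-ask-password "Enter SSL pass phrase for $server ($keytype):"
}

# Run only when invoked with arguments, as mod_ssl does.
if [ "$#" -gt 0 ]; then
    get_passphrase "$@"
fi
```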
