Apache SSL unencrypted RSA private key readable by php scripts?

Question

For reference, this question is related to the following ones; but they do not provide the answer:

Storing RSA Private Key un-encrypted SSL password on apache2 restart

I have an Apache 2.2 server running on Windows 2003 Server. My private key files are stored unencrypted in the same folder as the Apache config files (following the Apache guidelines here: http://httpd.apache.org/docs/2.2/ssl/ssl_faq.html#removepassphrase).

The websites hosted on the server all share the same Apache instance. Apache runs under a dedicated user account, which has read access to the web folders and to the config/private key folders.

In principle, any customer should now be able to write a PHP script for reading these out, right? So it seems that this is not an ideal situation. The Apache guide says that the key files should only be readable by root. I can't do this since Apache would not be able to read them..

Is there a proper way to make these keyfiles readable to Apache without exposing them to any script running in Apache?

score 0 · Answer 1 · answered Apr 09 '11 at 09:54

0

apache launches as root then spawns its process as the apache user, so it can still read the key files if they are owned as root, at that point in the start process apache will not serve files so any script a user may write wont get executed until apache has dropped its privileges into the apache user at this point the script wouldnt be able to read the files

2 simple solutions to your problem

dont store the key files in the apache config directory (store them elsewhere on the server)
make sure the key files are owned by root

answered Apr 09 '11 at 09:54

anthonysomerset

3,983
2
20
24

Sorry -1, this is correct for *nix boxen, but there is no 'root' in Windows. – Chris S Apr 15 '11 at 13:02
yeah the win server info wasnt present when i anwsered :) – anthonysomerset Apr 15 '11 at 16:35
The question hasn't been edited since it was posted... so the Windows info was there at least 7 minutes before you posted your answer. – Chris S Apr 15 '11 at 17:26

score 0 · Answer 2 · answered Apr 15 '11 at 07:57

0

The given answer does not apply to windows, I believe.

My sslcertificates/ folder is owned by "system". When Apache has no read access to this folder, then it won't start up. I used the sysinternals process monitor to find out what goes wrong, and it clearly shows that httpd.exe wants to read the key files (which makes sense).

Apache thus does need read access to these files!

So the question remains unanswered.

answered Apr 15 '11 at 07:57

andreas

1

If the Apache service is setup to start as an httpd user then that user will need read access to the configuration files (including SSL certs). – Chris S Apr 15 '11 at 13:03

Apache SSL unencrypted RSA private key readable by php scripts?

2 Answers2