[users@httpd] httpd-ssl.conf and SSL directives

[Alex Chen <al...@filemaker.com>]

If I enable HTTPS by loading the mod_ssl.so, enabling httpd-ssl.conf,  
start Apache then remove SSL certificate, SSL private key, will that 
cause Apache to fail to acceptHTTPS requests?
How if I remove the httpd-ssl.conf all together?
In a nutshell, will Apache continue to work properly and accept HTTPS if 
all the configurations and directives for serving HTTPS are removed 
after Apache starts successfully,

Alex

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] httpd-ssl.conf and SSL directives

[Alex Chen <al...@filemaker.com>]

I want to start and stop Apache via a program so it does not conflict 
with system Apache server, if any, and I want to remove private key 
after Apache starts for obvious reason.
I know Apache starts itself and spawn child processes to serve the 
requests, so the child process should have all the configuration read by 
the parent process I think.
But I am not sure if there are cases where Apache need to reload the 
configuration. (on SIGHUP,, SIGUSR1 or SIGUSR2 maybe?)

On 12/5/2012 10:25 AM, Ben Johnson wrote:
>
> On 12/5/2012 12:55 PM, Alex Chen wrote:
>> If I enable HTTPS by loading the mod_ssl.so, enabling httpd-ssl.conf,
>> start Apache then remove SSL certificate, SSL private key, will that
>> cause Apache to fail to acceptHTTPS requests?
>> How if I remove the httpd-ssl.conf all together?
>> In a nutshell, will Apache continue to work properly and accept HTTPS if
>> all the configurations and directives for serving HTTPS are removed
>> after Apache starts successfully,
>>
>> Alex
>>
> I'm pretty sure that Apache loads all of its configuration data
> (including SSL/TLS certificate components) when the service is started.
> So, yes, in theory, you could remove the certificate components after
> Apache starts, and the server would continue to serve HTTPS requests
> because the files are stored in memory. Of course, it would be simple
> enough for you to test this yourself.
>
> That said, I remember reading somewhere that Apache attempts to reload
> certain portions of that information in the normal course of operation.
> Perhaps one of the developers will weigh-in.
>
> Why you would ever want to do something like that is another issue
> altogether. Would you care to indulge the curious?
>
> -Ben
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
>


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org

Re: [users@httpd] httpd-ssl.conf and SSL directives

[Ben Johnson <be...@indietorrent.org>]

On 12/5/2012 12:55 PM, Alex Chen wrote:
> If I enable HTTPS by loading the mod_ssl.so, enabling httpd-ssl.conf, 
> start Apache then remove SSL certificate, SSL private key, will that
> cause Apache to fail to acceptHTTPS requests?
> How if I remove the httpd-ssl.conf all together?
> In a nutshell, will Apache continue to work properly and accept HTTPS if
> all the configurations and directives for serving HTTPS are removed
> after Apache starts successfully,
> 
> Alex
> 

I'm pretty sure that Apache loads all of its configuration data
(including SSL/TLS certificate components) when the service is started.
So, yes, in theory, you could remove the certificate components after
Apache starts, and the server would continue to serve HTTPS requests
because the files are stored in memory. Of course, it would be simple
enough for you to test this yourself.

That said, I remember reading somewhere that Apache attempts to reload
certain portions of that information in the normal course of operation.
Perhaps one of the developers will weigh-in.

Why you would ever want to do something like that is another issue
altogether. Would you care to indulge the curious?

-Ben

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org