| 1 |
On 18/08/11 03.23, Grant wrote: |
| 2 |
> I just accidentally overwrote my SSL certificate key. Is there any |
| 3 |
> way to retrieve it? Possibly some sort of export since I haven't |
| 4 |
> restarted apache2 yet? |
| 5 |
|
| 6 |
If apache keeps the certificate file open after reading it (I doubt |
| 7 |
that's the case, but if you have lsof installed you should check just to |
| 8 |
make sure) and you didn't restart it, you could try this method: |
| 9 |
|
| 10 |
http://computer-forensics.sans.org/blog/2009/01/27/recovering-open-but-unlinked-file-data |
| 11 |
|
| 12 |
Otherwise, assuming you're on ext2/ext3, ext3undel works quite well, |
| 13 |
*provided that you stop any writes to the affected volume ASAP*, e.g. by |
| 14 |
remounting it read-only. |
| 15 |
|
| 16 |
If the data hasn't been overwritten, carving tools should work too, as |
| 17 |
the ASCII-armor of the certificate provides an easily recognizable |
| 18 |
pattern and the file is almost certainly small enough to fit within a |
| 19 |
single FS block. |
| 20 |
|
| 21 |
andrea |
Archives