On 18/08/11 03.23, Grant wrote:
> I just accidentally overwrote my SSL certificate key. Is there any
> way to retrieve it? Possibly some sort of export since I haven't
> restarted apache2 yet?

If apache keeps the certificate file open after reading it (I doubt
that's the case, but if you have lsof installed you should check just to
make sure) and you didn't restart it, you could try this method:

http://computer-forensics.sans.org/blog/2009/01/27/recovering-open-but-unlinked-file-data

Otherwise, assuming you're on ext2/ext3, ext3undel works quite well,
*provided that you stop any writes to the affected volume ASAP*, e.g. by
remounting it read-only.

If the data hasn't been overwritten, carving tools should work too, as
the ASCII-armor of the certificate provides an easily recognizable
pattern and the file is almost certainly small enough to fit within a
single FS block.

andrea
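
The carving approach from the last paragraph of the reply, as an added example that is not part of the original message: a Python scan of a raw image or device node for PEM armor, reporting the byte offset of each well-formed block. The function names, the 64 KiB size bound and the sample image are assumptions made for this example.

```python
import base64
import io
import re
import sys

# PEM armor: BEGIN line, base64 body lines, END line with the same label.
# Legacy encrypted keys with "Proc-Type:"/"DEK-Info:" headers are not matched.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z0-9 ]+)-----\r?\n"
    rb"((?:[A-Za-z0-9+/=]+\r?\n)+)"
    rb"-----END \1-----"
)
MAX_PEM = 64 * 1024  # assumed upper bound on one armored block (sets the overlap)


def carve_pem(stream, chunk_size=1 << 20):
    """Yield (offset, label, pem_bytes) for each well-formed PEM block in stream."""
    buf, base = b"", 0  # base = absolute offset of buf[0]
    while chunk := stream.read(chunk_size):
        buf += chunk
        last_end = 0
        for m in PEM_RE.finditer(buf):
            try:  # reject look-alikes whose body is not valid base64
                base64.b64decode(b"".join(m.group(2).split()), validate=True)
            except ValueError:
                continue
            yield base + m.start(), m.group(1).decode(), m.group(0)
            last_end = m.end()
        # Keep a tail so a block straddling two reads is matched on the next pass.
        keep_from = max(last_end, len(buf) - MAX_PEM)
        base += keep_from
        buf = buf[keep_from:]


def demo():
    """Constructed test image: filler, a malformed decoy, and one fake PEM block."""
    body = base64.encodebytes(b"constructed placeholder, not key material " * 4)
    pem = b"-----BEGIN PRIVATE KEY-----\n" + body + b"-----END PRIVATE KEY-----"
    decoy = b"-----BEGIN PRIVATE KEY-----\nabcde\n-----END PRIVATE KEY-----"
    image = b"\x00" * 5000 + decoy + b"\xff" * 3000 + pem + b"\x00" * 4096
    # A 100-byte chunk size forces the block to span several reads.
    return list(carve_pem(io.BytesIO(image), chunk_size=100)), image, pem


if __name__ == "__main__":
    # With an argument: scan that image or device node (opened read-only).
    src = open(sys.argv[1], "rb") if len(sys.argv) > 1 else None
    hits = carve_pem(src) if src else demo()[0]
    for off, label, pem in hits:
        print(f"{off:#x}  {label}  {len(pem)} bytes")
```

Run it against the volume after remounting it read-only, or against an image of it, and write any recovered block to a different filesystem.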