From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org)
	by finch.gentoo.org with esmtp (Exim 4.60)
	(envelope-from <gentoo-user+bounces-127055-garchives=archives.gentoo.org@lists.gentoo.org>)
	id 1Qtzap-0004Wn-Tz
	for garchives@archives.gentoo.org; Thu, 18 Aug 2011 10:12:56 +0000
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
	by pigeon.gentoo.org (Postfix) with SMTP id B238F21C340;
	Thu, 18 Aug 2011 10:12:22 +0000 (UTC)
Received: from smtp206.alice.it (smtp206.alice.it [82.57.200.102])
	by pigeon.gentoo.org (Postfix) with ESMTP id CBA3321C117
	for <gentoo-user@lists.gentoo.org>; Thu, 18 Aug 2011 10:09:50 +0000 (UTC)
Received: from infra.agr.fm (87.9.72.252) by smtp206.alice.it (8.5.124.08)
        id 4E4BBF77000F249F for gentoo-user@lists.gentoo.org; Thu, 18 Aug 2011 12:09:50 +0200
Received: from star.agr.fm (star.agr.fm [192.168.64.2])
	by infra.agr.fm (Postfix) with ESMTP id 21F6C5DD9D1
	for <gentoo-user@lists.gentoo.org>; Thu, 18 Aug 2011 12:09:50 +0200 (CEST)
Message-ID: <4E4CE4ED.8050504@alyf.net>
Date: Thu, 18 Aug 2011 12:09:49 +0200
From: Andrea Conti <alyf@alyf.net>
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.6; rv:5.0) Gecko/20110624 Thunderbird/5.0
Precedence: bulk
List-Post: <mailto:gentoo-user@lists.gentoo.org>
List-Help: <mailto:gentoo-user+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-user+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-user+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-user.gentoo.org>
X-BeenThere: gentoo-user@lists.gentoo.org
Reply-to: gentoo-user@lists.gentoo.org
MIME-Version: 1.0
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] {OT} Can I retrieve my SSL key?
References: <CAN0CFw0qpWXynPAKBRE+HQ2OrCLTad4GLvojAppSUJa29Q2ukA@mail.gmail.com>
In-Reply-To: <CAN0CFw0qpWXynPAKBRE+HQ2OrCLTad4GLvojAppSUJa29Q2ukA@mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-Archives-Salt: 
X-Archives-Hash: b9e298389115d31bc4d5d0dcd3f34567

On 18/08/11 03.23, Grant wrote:
> I just accidentally overwrote my SSL certificate key.  Is there any
> way to retrieve it?  Possibly some sort of export since I haven't
> restarted apache2 yet?

If apache keeps the certificate file open after reading it (I doubt
that's the case, but if you have lsof installed you should check just to
make sure) and you didn't restart it, you could try this method:

http://computer-forensics.sans.org/blog/2009/01/27/recovering-open-but-unlinked-file-data

Otherwise, assuming you're on ext2/ext3, ext3undel works quite well,
*provided that you stop any writes to the affected volume ASAP*, e.g. by
remounting it read-only.

If the data hasn't been overwritten, carving tools should work too, as
the ASCII-armor of the certificate provides an easily recognizable
pattern and the file is almost certainly small enough to fit within a
single FS block.

andrea