diff --git a/httpd-ssl-pass-dialog b/httpd-ssl-pass-dialog new file mode 100755 index 0000000..1e850cd --- /dev/null +++ b/httpd-ssl-pass-dialog @@ -0,0 +1,3 @@ +#!/bin/sh + +exec /bin/systemd-ask-password "Enter SSL pass phrase for $1 ($2) : " diff --git a/httpd.spec b/httpd.spec index 0d55ae6..c5cf7d9 100644 --- a/httpd.spec +++ b/httpd.spec @@ -8,13 +8,14 @@ Summary: Apache HTTP Server Name: httpd Version: 2.2.19 -Release: 2%{?dist} +Release: 3%{?dist} URL: http://httpd.apache.org/ Source0: http://www.apache.org/dist/httpd/httpd-%{version}.tar.gz Source1: index.html Source3: httpd.logrotate Source4: httpd.init Source5: httpd.sysconf +Source6: httpd-ssl-pass-dialog Source10: httpd.conf Source11: ssl.conf Source12: welcome.conf @@ -304,6 +305,11 @@ mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d install -m755 $RPM_SOURCE_DIR/httpd.init \ $RPM_BUILD_ROOT/etc/rc.d/init.d/httpd +# install http-ssl-pass-dialog +mkdir -p $RPM_BUILD_ROOT/%{_libexecdir} +install -m755 $RPM_SOURCE_DIR/httpd-ssl-pass-dialog \ + $RPM_BUILD_ROOT/%{_libexecdir}/httpd-ssl-pass-dialog + # install log rotation stuff mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d install -m 644 -p $RPM_SOURCE_DIR/httpd.logrotate \ @@ -436,6 +442,7 @@ rm -rf $RPM_BUILD_ROOT %{_sbindir}/ht* %{_sbindir}/apachectl %{_sbindir}/rotatelogs + # cap_dac_override needed to write to /var/log/httpd %caps(cap_setuid,cap_setgid,cap_dac_override+pe) %attr(510,root,%{suexec_caller}) %{_sbindir}/suexec @@ -483,6 +490,7 @@ rm -rf $RPM_BUILD_ROOT %attr(0600,apache,root) %ghost %{_localstatedir}/cache/mod_ssl/scache.dir %attr(0600,apache,root) %ghost %{_localstatedir}/cache/mod_ssl/scache.pag %attr(0600,apache,root) %ghost %{_localstatedir}/cache/mod_ssl/scache.sem +%{_libexecdir}/httpd-ssl-pass-dialog %files devel %defattr(-,root,root) 
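Review bot: The new httpd-ssl-pass-dialog script carries no comment describing the contract it implements, and that contract is security-relevant: mod_ssl takes whatever this program prints on stdout as the private-key pass phrase, so any later edit that writes anything else to stdout would break key loading. I would add a header such as `# Run by mod_ssl (SSLPassPhraseDialog exec:); $1 is server:port, $2 is the key algorithm; stdout must carry only the pass phrase.` The header should also record that systemd-ask-password stops waiting after its default timeout, so an unattended boot with an encrypted key will most likely end with httpd not starting. Whether to pass an explicit `--timeout=` value is a packaging policy decision.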
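Review bot: The comment on the added install block reads `# install http-ssl-pass-dialog`, which does not match the file name httpd-ssl-pass-dialog, and the block copies from `$RPM_SOURCE_DIR` although this commit declares the script as Source6. Writing the source as `install -m755 %{SOURCE6} \` ties the install step to the declared source. Quoting the destination as `"$RPM_BUILD_ROOT%{_libexecdir}/httpd-ssl-pass-dialog"` avoids word splitting on an unusual build root. The neighbouring install lines in the hunk use the same unquoted `$RPM_SOURCE_DIR` form, so this is a consistency call for the maintainer.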
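Review bot: The added `%{_libexecdir}/httpd-ssl-pass-dialog` entry takes its owner and mode from a `%defattr` that lies outside this hunk, so the packaged permissions cannot be confirmed from the diff. mod_ssl executes this helper during server start and trusts its output as the key pass phrase, so the file must not be writable by the apache user. Stating that in place with `%attr(0755,root,root) %{_libexecdir}/httpd-ssl-pass-dialog` keeps the guarantee from depending on the section default.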
@@ -494,6 +502,9 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/httpd/build/*.sh %changelog +* Wed Aug 10 2011 Jan Kaluza - 2.2.19-3 +- fix #707917 - add httpd-ssl-pass-dialog to ask for SSL password using systemd + * Wed Jul 20 2011 Jan Kaluza - 2.2.19-2 - fix #716621 - suexec now works without setuid bit - fix #689091 - backported patch from 2.3 branch to support IPv6 in logresolve diff --git a/ssl.conf b/ssl.conf index 384c354..d335c89 100644 --- a/ssl.conf +++ b/ssl.conf @@ -28,7 +28,7 @@ Listen 443 # Configure the pass phrase gathering process. # The filtering dialog program (`builtin' is a internal # terminal dialog) has to provide the pass phrase on stdout. -SSLPassPhraseDialog builtin +SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog # Inter-Process Session Cache: # Configure the SSL Session Cache: First the mechanism
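Review bot: The new default hard-codes `/usr/libexec/httpd-ssl-pass-dialog` while the spec installs the helper under `%{_libexecdir}`, and it makes every start with an encrypted key depend on `/bin/systemd-ask-password`, for which none of the visible hunks adds a `Requires:`. If either path is absent, mod_ssl cannot obtain the pass phrase and the server presumably fails to start, where `builtin` would have prompted on the terminal. A file dependency such as `Requires: /bin/systemd-ask-password` in the subpackage that ships ssl.conf would make that explicit. The comment above the directive still describes only `builtin`; a line like `# exec:/path runs an external program that prints the pass phrase on stdout.` would document the value now in use.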