Bob Cohen wrote:
dan wrote: > This is covered in mod_ssl's FAQ. This would apply to you if you'reusing mod_ssl: http://www.modssl.org/docs/2.7/ssl_faq.html#remove-passphraseThank you Dan. I guess it isn't such a good idea to do this, eh? It's just that I've got an awful memory, occasional power outages, and a e-commerce program that relies on the secure server running to work.Bob
Bob -It's not as insecure as one might thing. Remember that there are other ways to secure the server. If you make sure no one else has access to the key, you are in no danger. I've been in your situation a number of times, and found this to be appropriate for most every time.
There's also a way, from within Apache, to run an external program that generates the key and uses that as an argument to Apache's startup procedure, which alleviates the problem that we're talking about. But by doing stuff that way, too, you have to make sure no one else has access to that program.
Thanks -dant --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx " from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|