Re: SSL pass phrase

Aaron Dalton wrote:

AFAIK there is no way around this. If you do not want Apache to wait for a pass phrase, you have to strip the private key of encryption. This of course has multiple security problems, but I'm afraid those are your only options that I am aware of.

$ openssl rsa -in encryptedkey.pem -out strippedkey.pem

Of course providing a passphrase response program introduces just as many
(if not more) security problems.  Your best bet is to make certain that
strippedkey.pem is previously touch'ed, chmod'ded 600 and owned by root
before you invoke the command above.

Provided you start Apache as root and have it setuid to another
User/Group, this is the safest course.  The certs/keys will be slurped up
during the config phase, and while the server is running no CGI would have
access to its contents.

Bill
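
The pre-creation step described in the message above, as an added shell example that is not part of the original thread: the destination file is created with mode 600 and verified before `openssl rsa` writes the unencrypted key into it. The function names and the numeric-uid argument are assumptions made for this illustration; the file names are the ones used in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): make sure the destination key file
# exists with mode 600 and the expected owner BEFORE key material is written.

# Create or tighten the destination. Refuses symlinks and non-regular files
# so the key cannot be redirected to another path.
prepare_key_file() {
    dest=$1
    if [ -L "$dest" ]; then
        echo "refusing: $dest is a symlink" >&2; return 1
    fi
    if [ -e "$dest" ] && [ ! -f "$dest" ]; then
        echo "refusing: $dest is not a regular file" >&2; return 1
    fi
    ( umask 077 && touch "$dest" ) || return 1
    chmod 600 "$dest"
}

# Succeeds only if the file is a regular file, mode is exactly rw-------,
# and the owning uid matches $2 (default 0, i.e. root).
check_key_file() {
    f=$1; want_uid=${2:-0}
    [ -f "$f" ] && [ ! -L "$f" ] || return 1
    mode=$(ls -ldn "$f" | cut -c1-10)
    uid=$(ls -ldn "$f" | awk '{print $3}')
    [ "$mode" = "-rw-------" ] && [ "$uid" = "$want_uid" ]
}

# Strip the pass phrase with the command from the thread, but only into a
# destination that has passed the permission and ownership check.
strip_key() {
    src=$1; dest=$2; want_uid=${3:-0}
    prepare_key_file "$dest" || return 1
    check_key_file "$dest" "$want_uid" || {
        echo "refusing: wrong mode or owner on $dest" >&2; return 1
    }
    openssl rsa -in "$src" -out "$dest"
}

# Usage, run as root:
#   strip_key encryptedkey.pem strippedkey.pem
```

`check_key_file` can also be run on its own against an already-deployed key to confirm it has not drifted from mode 600 and root ownership.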

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.

