On Thu, Aug 28, 2008 at 2:53 PM, Joseph S D Yao <jsdy@xxxxxxx> wrote:
> On Thu, Aug 28, 2008 at 10:31:42AM -0300, Tan, Liao wrote:
>> Ok, ic I can simply remove the passphrase, and provided the new key be
>> readable by root only, I should not have any security problems... is it
>> simply remove it? or any other settings, configurations, re-installation?
>>
>
> It should not be owned by root, because you should not be running your
> server as root. You should be running your servers as some other user,
> say, "apache", and so the uncloaked cert files should be stored as
> read-only by "apache".

root-owned private key sure sounds wiser to me.

> Why should nothing be owned by root? Because then manipulating it must
> be done by root.

There are lots of files you don't want to be owned, or modifiable, by
non-root users. This is a good thing.

-- 
Eric Covener
covener@xxxxxxxxx

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
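As an added example that is not part of the thread, a POSIX shell check for the state both posters are arguing about: once the passphrase is gone, the key file should be a regular file, owned by the intended account (uid 0 if you follow Eric's advice; httpd's parent process loads the key while still root at startup, before the workers switch to the unprivileged user), and carry no group or other permission bits. The sample files and the `check_key_perms` function are constructed for this example; `stat -c` is GNU/busybox syntax.

```shell
#!/bin/sh
# Added example (not from the thread): verify that an unencrypted TLS
# private key is safe to leave on disk. Passes only when the file is a
# regular file, owned by the expected uid, and readable by nobody else
# (mode 0400 or 0600). Uses GNU/busybox 'stat -c'; adapt for BSD stat.

check_key_perms() {
    key=$1
    want_uid=$2   # numeric uid; 0 for root on a live server

    if [ ! -f "$key" ]; then
        echo "FAIL: $key is not a regular file" >&2
        return 1
    fi

    uid=$(stat -c '%u' "$key")
    mode=$(stat -c '%a' "$key")

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL: $key owned by uid $uid, expected $want_uid" >&2
        return 1
    fi

    # Any group/other bit means another local account can read the key.
    case $mode in
        400|600) ;;
        *) echo "FAIL: $key has mode $mode, want 400 or 600" >&2; return 1 ;;
    esac

    echo "OK: $key is uid $want_uid, mode $mode"
    return 0
}

# Demo on constructed placeholder files (not real keys) in a temp dir;
# the expected uid is the current user here so the demo runs unprivileged.
demo_dir=$(mktemp -d)
printf 'placeholder, not a real key\n' > "$demo_dir/good.key"
chmod 600 "$demo_dir/good.key"
cp "$demo_dir/good.key" "$demo_dir/bad.key"
chmod 644 "$demo_dir/bad.key"
check_key_perms "$demo_dir/good.key" "$(id -u)"
check_key_perms "$demo_dir/bad.key" "$(id -u)" || true
rm -rf "$demo_dir"
```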