Re: Shell Script to automatically start Apache with SSL passphrase?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Tue, Apr 28, 2009 at 12:05 AM, Mike Lyon <mike.lyon@xxxxxxxxx> wrote:
> So I would be able to create new keys without having to get new certs?
>

Read the howto on how to change the passphrase on your key. I seem to
recall changing the passphrase being possible. I also seem to recall
there being a stage with the key has no passphrase. If you bought
certs for that key you should try this if not replace all your certs.

> Thanks,
> Mike
>
>
> On Mon, Apr 27, 2009 at 10:25 PM, Krist van Besien
> <krist.vanbesien@xxxxxxxxx> wrote:
>>
>> On Tue, Apr 28, 2009 at 1:16 AM, Mike Lyon <mike.lyon@xxxxxxxxx> wrote:
>> > It's another link in the security of that certificate... I'd prefer to
>> > keep
>> > it. It guarantees continuity from the creation of the CSR until you get
>> > the
>> > cert back from the CA.
>>
>> The passphrase is on the key, not the certificate. The key should
>> never leave your server. You could have created your original key
>> without a passphrase even, and the CA wouldn't have known it.
>>
>> Having the certificate itself encrypted is pointless, as you will be
>> handing it out to anyone contacting your server.
>>
>> Krist
>>
>> --
>> krist.vanbesien@xxxxxxxxx
>> krist@xxxxxxxxxxxxx
>> Bremgarten b. Bern, Switzerland
>> --
>> A: It reverses the normal flow of conversation.
>> Q: What's wrong with top-posting?
>> A: Top-posting.
>> Q: What's the biggest scourge on plain text email discussions?
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
>>   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
>> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
>>
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux