Re: SSL certificate pass phase in apache

---

• From: Björn Bergstrand <bjorn@xxxxxxxxxxxx>
• Date: Fri, 23 Feb 2007 17:33:33 +0100

---

Oops, did not read your email at all it seems.
But if someone could get their hands on the passgenerator, they'd be able to access the key anyhow?

Hi all
I know that I can remove password of my private key using this command:
openssl rsa -in foo_key.pem -out foo_keyclear.pem

But,I don't like this,because I should save private key without any protection on server,and if sombody access this file,he can easily generate a dummy "valid certificate" from same Issuer.
Is this the way that normally used on servers for thier SSL?
They won't use:
SSLPassPhaseDialog exec:cert/passgenerator
for sending pass to apache and then protect that pass generator?

Regards

---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse. Arm your
enterprise with BigFix, the single converged IT security and operations
engine. BigFix enables continuous discovery, assessment, remediation,
and enforcement for complex and distributed IT environments in real-time
from a single console.
Think what's next. Think BigFix.

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------

---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse. Arm your
enterprise with BigFix, the single converged IT security and operations
engine. BigFix enables continuous discovery, assessment, remediation,
and enforcement for complex and distributed IT environments in real-time
from a single console.
Think what's next. Think BigFix.

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------

---

• References:
  • Re: SSL certificate pass phase in apache
    • From: afshin_pir

• Prev by Date: Re: Re: Security Simplification
• Next by Date: Vulnerability scanner review/comparison
• Previous by thread: Re: SSL certificate pass phase in apache
• Next by thread: Re: SSL certificate pass phase in apache
• Index(es):
  • Date
  • Thread

---

Relevant Pages RE: Security Simplification ... Subject: Security Simplification ... BigFix ... engine. ... BigFix enables continuous discovery, assessment, remediation, ... (Security-Basics) Re: Hacking Book / Information ... I am looking for a good book of hacking. ... BigFix ... BigFix enables continuous discovery, assessment, remediation, ... (Security-Basics) Re: Overwriting an uninitialized local variable in PHP ... BigFix ... BigFix enables continuous discovery, assessment, remediation, ... and enforcement for complex and distributed IT environments in real-time ... (Security-Basics) RE: General question ... a senior partner asked my boss why morale in our department ... than you the security analyst because they DO MORE THINGS? ... BigFix ... and operations engine. ... (Security-Basics) RE: General question ... Information Security Manager ... BigFix ... engine. ... (Security-Basics)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(18)