Re: SSL certificate pass phase in apache

From: Björn Bergstrand <bjorn@xxxxxxxxxxxx>
Date: Fri, 23 Feb 2007 17:29:09 +0100

I dont know about normaly, but if you have a password protected private key
you need to have somebody around to punch the passphrase in when the webserver restarts

Hi all
I know that I can remove password of my private key using this command:
openssl rsa -in foo_key.pem -out foo_keyclear.pem

But,I don't like this,because I should save private key without any protection on server,and if sombody access this file,he can easily generate a dummy "valid certificate" from same Issuer.
Is this the way that normally used on servers for thier SSL?
They won't use:
SSLPassPhaseDialog exec:cert/passgenerator
for sending pass to apache and then protect that pass generator?

Regards

---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse. Arm your
enterprise with BigFix, the single converged IT security and operations
engine. BigFix enables continuous discovery, assessment, remediation,
and enforcement for complex and distributed IT environments in real-time
from a single console.
Think what's next. Think BigFix.

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------

---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse. Arm your
enterprise with BigFix, the single converged IT security and operations
engine. BigFix enables continuous discovery, assessment, remediation,
and enforcement for complex and distributed IT environments in real-time
from a single console.
Think what's next. Think BigFix.

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------

Follow-Ups:
- Re: SSL certificate pass phase in apache
  - From: Lars
- language for general risk analysis
  - From: Ken Kousky

References:
- Re: SSL certificate pass phase in apache
  - From: afshin_pir

Prev by Date: RE: General question
Next by Date: Re: Lotus Notes Encryption
Previous by thread: Re: SSL certificate pass phase in apache
Next by thread: language for general risk analysis
Index(es):
- Date
- Thread

Relevant Pages

Re: SSL certificate pass phase in apache
... I know that I can remove password of my private key using this command: ... But,I don't like this,because I should save private key without any protection on server,and if sombody access this file,he can easily generate a dummy "valid certificate" from same Issuer. ... BigFix ...
(Security-Basics)
Re: SSL certificate pass phase in apache
... You essentially have to remove the passphrase from the private key. ... If your IT fails, you're out of business - or worse. ... Arm your enterprise with BigFix, the single converged IT security and operations engine. ...
(Security-Basics)