[Re: [lug] Apache + SSL]

Justin glowecon at netscape.net
Thu Aug 17 12:37:17 MDT 2000


Is this common practice making server keys without passphrases? Or is it
relatively insecure? I don't mind having to enter the passphrase. I'm just
trying to make it so the server can come back up on it's own in the case that
it crashed (but of course that never happens  :) or a power outage. Thanks
again for the help.

Justin
 
"Michael J. Pedersen" <marvin at keepthetouch.org> wrote:
> On Thu, Aug 17, 2000 at 10:52:45AM -0600, Justin wrote:
> > but whenever I start the script it hangs up. If I start apache manually
with
> > apachectl (apachectl startssl) it asks for my server passphrase (that I
used
> 
> This is the problem for you, right here. And you're not going to be able to
> avoid it very easily.
> 
> When you created your key, it asked you for a passphrase. Now, in order to
use
> that key, Apache must have the passphrase (so as to unlock it). Without a
> passphrase, you would never be asked for it, so your machine would bring up
> Apache just fine.
> 
> Solution? Regenerate another key. When asked for a passphrase, hit <ENTER>
> twice. Then lock down that key file (ie: chmod 0400 server.pem), and then
> lock down the box.
> 
> Wish I had a better one for you than that, but it's what's required.
> 
> -----
> Michael J. Pedersen
> Get GnuPG at http://www.gnupg.org
> My GnuPG Key Fingerprint: C31C 7E90 5992 9E5E 9A02 233D D8DD 985E 4E72 4A60
> My GnuPG Public Key Available At: http://www.keyserver.net

> --------------------------------------------- 
>	Attachment: application/pgp-signature 
>	MIME Type: application/pgp-signature 
> --------------------------------------------- 

____________________________________________________________________
Get your own FREE, personal Netscape WebMail account today at http://home.netscape.com/webmail




More information about the LUG mailing list