httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Boyle Owen" <>
Subject RE: [users@httpd] ssl and passphrase
Date Tue, 08 Oct 2002 08:07:08 GMT
This issue comes up frequently on the mod_ssl list and it usually boils down to a choice: to
pass-phrase or not to passphrase...

In order to decide what is right for you, you have to consider what the passphrase mechanism
actually does: it forces the server administrator to authorise the use of the server certificate
(which contains the private key). The purpose of this is to prevent someone, who has somehow
stolen your server cert, from masquerading as your site. The idea is that even if he is in
possession of your cert, he still cannot start a server with it.

Initially, this seems a good idea. However, since the cert is stored on the web server with
permissions 400 (-r--------) and is owned by root, in order to steal the cert in the first
place, the hacker has to have root access. Now hang on, this is an SSL server! So you have
a hacker who has root access on your live SSL server and you're worried about him stealing
your cert and impersonating your site? This seems to me to be the least of your worries...

The complication of having to type in the passphrase is immense - it renders automatic startup
of the server impossible. As has been pointed out, the "workaround" of a feeder script sending
the passphrase when required is pointless, since it just shifts the security from the cert
to the script.

My conclusion is that the passphrase is unnecessary and, worse, provides a false sense of
security - an intruder with root access on a live SSL server is so dangerous that you won't
have to worry about future impersonations since your site will be out of business anyway!

>-----Original Message-----
>From: Bryan Koschmann - GKT []
>Sent: Montag, 7. Oktober 2002 19:53
>To: Apache Users
>Subject: [users@httpd] ssl and passphrase
>I'm just starting to get SSL setup on my server, and as I was reading
>through a tutorial at apacheworld, I came across the passphrase issue.
>What I see is that if I don't use it, it is very insecure, but 
>the problem
>is if I do implement it, if I have to reboot I'll have to jet 
>down to our
>noc and type it in.
>I see you can exec a program to output the passphrase, so I'm wondering
>what ways some of you have implemented this? I look forward to any
>information you can spare.
>	Bryan
>The official User-To-User support forum of the Apache HTTP 
>Server Project.
>See <URL:> for more info.
>To unsubscribe, e-mail:
>   "   from the digest:
>For additional commands, e-mail:

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message