From: "Boyle Owen"
Date: Wed, 19 Mar 2003 13:05:45 +0100
Reply-To: users@httpd.apache.org
Subject: RE: [users@httpd] New to SSL

>-----Original Message-----
>From: Scott Taylor [mailto:scott@dctchambers.com]
>Sent: Mittwoch, 19. März 2003 12:23
>To: users@httpd.apache.org
>Subject: [users@httpd] New to SSL
>
>
>Hello,
>
>I added my own signed certificate to this server and I'm wondering if this
>is normal for startup or did I do something wrong/unnecessary? It's
>running on Mandrake Linux 9.0. This dialogue only shows up in the log not
>when running the startup script /etc/rc.d/init.d/httpd start
>
>First time I thought I broke it because it just sat there with "Starting
>HTTPD:".
>It was only by reading the log did I realize it was waiting for
>input.

You could remove the passphrase (see http://www.modssl.org/docs/2.8/ssl_faq.html#ToC31 for instructions).

To be clear about what the passphrase is for: It prevents anyone impersonating your site *even if* they steal your certificate (i.e. private key). It doesn't make SSL "more secure" or anything like that... If you are pretty sure that no-one can gain access to your SSL webserver, then you don't need the passphrase.

Don't bother with any scripts which feed the passphrase in when required - they defeat the whole purpose since the script has to know the passphrase so anyone who can steal the cert can steal the script too.

Sometimes you get people complaining that they need the passphrase because "I want to protect the cert from other users on the server". My question would be, "what on earth are you doing letting other users run around on a public SSL server!"

Rgds,

Owen Boyle
Disclaimer: Any disclaimer attached to this message may be ignored.

>
>Well, that was months ago now. This morning I had a hardware failure and
>the server rebooted and just sits at the spot where httpd starts up because
>it is waiting for user input of the pass phrase. Is there anything I
>should do (should have done) different? It's a bit of a pain, but if it's
>the secure way to do it I guess I can come in at 2AM to restart it if needs
>be (seldom ever happens).
>
>Cheers.
>
>
>Mar 19 02:42:34 mustang httpd: Apache-AdvancedExtranetServer/1.3.26 mod_ssl/2.8.10 (Pass Phrase Dialog)
>Mar 19 02:42:34 mustang httpd: Some of your private key files are encrypted for security reasons.
>Mar 19 02:42:34 mustang httpd: In order to read them you have to provide us with the pass phrases.
>
>
>Scott
>
>
>---------------------------------------------------------------------
>The official User-To-User support forum of the Apache HTTP Server Project.
>See for more info.
>To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>For additional commands, e-mail: users-help@httpd.apache.org
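
The trade-off described in the reply above can be checked on a server with a short audit. This is an added example, not part of the original thread or of mod_ssl. The function names (key_state, key_perms, dialog_mode, audit) and all sample files are constructed for illustration, and it assumes the pass phrase helper is configured through mod_ssl's SSLPassPhraseDialog directive.

```shell
# Added example. File names and sample contents are constructed placeholders.

# key_state FILE -> "encrypted", "plaintext" or "unknown" (from the PEM headers)
key_state() {
    if grep -q -e '^Proc-Type: 4,ENCRYPTED' \
               -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"; then
        echo encrypted      # traditional OpenSSL header, or PKCS#8 encrypted form
    elif grep -q '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo plaintext
    else
        echo unknown
    fi
}

# key_perms FILE -> "tight" when group and others have no access, else "loose"
key_perms() {
    bits=$(ls -ld "$1" | cut -c5-10)    # the group and other permission bits
    if [ "$bits" = "------" ]; then echo tight; else echo loose; fi
}

# dialog_mode CONF -> "exec" when a helper program feeds the pass phrase to httpd
dialog_mode() {
    if grep -Eiq '^[[:space:]]*SSLPassPhraseDialog[[:space:]]+exec:' "$1"
    then echo exec; else echo builtin; fi
}

# audit KEY CONF -> one-line verdict following the reasoning in the reply
audit() {
    case "$(key_state "$1")/$(key_perms "$1")/$(dialog_mode "$2")" in
        plaintext/loose/*)   echo "FAIL: unencrypted key readable beyond its owner" ;;
        plaintext/tight/*)   echo "OK: unencrypted key, owner-only, starts unattended" ;;
        encrypted/*/exec)    echo "WARN: pass phrase sits in a script next to the key" ;;
        encrypted/*/builtin) echo "OK: encrypted key, start waits for the pass phrase" ;;
        *)                   echo "UNKNOWN: no PEM private key found" ;;
    esac
}

# Demo on constructed files; the base64 body is a placeholder, not a real key.
demo=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo/enc.key"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo/plain.key"
chmod 400 "$demo/enc.key"; chmod 644 "$demo/plain.key"
echo 'SSLPassPhraseDialog builtin' > "$demo/ssl.conf"
audit "$demo/enc.key" "$demo/ssl.conf"
audit "$demo/plain.key" "$demo/ssl.conf"
rm -rf "$demo"
```

Once the pass phrase is removed, file permissions on the key are the only remaining protection, which is why the plaintext and world-readable combination is the one reported as a failure.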