httpd-users mailing list archives

From Travis Haddock <travis.hadd...@comcast.net>
Subject Re: [users@httpd] SSL boot up
Date Sat, 03 May 2003 15:29:31 GMT
This is really more an OS issue.

On WinNT/2k servers, if the key file is still encrypted, the Apache 
service will not complete the autostartup and appears to 'hang'.

During startup, the Apache service reaches a point where it tries to read 
the key file, finds it encrypted, and so prompts for the pass phrase. 
Unfortunately, no display prompt is presented to the user, so it just 
sits waiting for a reply that will never come.

This has been the case on all our WinNT servers but it's never been an 
issue on our Unix servers.

Of course, unencrypting the key file does make it readable by anyone, 
so you should at least set security on the key file's directory.


----- Original Message -----
From: Doug Groves <groups@valis.net>
Date: Friday, May 2, 2003 2:01 pm
Subject: [users@httpd] SSL boot up

> Somebody had posted a question about having Apache autobooting in
> SSL (bypassing the key phrase input).  No one answered, and since
> I want to do the same thing, I thought I'd share this link on the
> subject at apache.org ... and ask a quick question regarding it
> 
> http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html
> 
> Basically, it says the following...
> -------
>  Remove the encryption from the RSA private key (while preserving the
> original file):
>   > $ cp server.key server.key.org
>   > $ openssl rsa -in server.key.org -out server.key
>  Make sure the server.key file is now only readable by root:
>   > $ chmod 400 server.key
> -------
> 
> Now, for my question.  Is this a method many people use?  I've
> never had the need for SSL the last time I installed Apache (a
> couple of years back).  Has anyone heard of any security exploit
> regarding this method?
> 
> The server I've set up includes SSL, although at the moment
> none of the hosts on it require SSL for financial transactions
> (just secure webmail access).
> 
> Just wanted to get the opinions of people who know more than I
> do before I try it...
> 
> Thanks
> 
> 
> 
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
> 
> 


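
The check below is an added example, not part of the original thread or of the Apache documentation: it reports whether a PEM key file still carries a pass phrase and whether group or other have any access to it, the two conditions discussed in the messages above. The function names and the constructed, header-only sample files (named after the FAQ's server.key and server.key.org) are assumptions for illustration, and the header test recognises only traditional and PKCS#8 encrypted PEM keys.

```shell
#!/bin/sh
# Added example: report the passphrase and permission state of a PEM key file.

# key_is_encrypted FILE: succeeds if the PEM headers mark the key as encrypted,
# either traditional ("Proc-Type: 4,ENCRYPTED") or PKCS#8.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# key_mode FILE: print the octal permission bits (GNU stat, then BSD stat).
key_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_key FILE: print "<state> mode=<octal> <file>". Returns 1 only when the
# key is unencrypted and group or other have any access to it.
audit_key() {
    file=$1
    mode=$(key_mode "$file") || return 2
    case $mode in
        0|*00) exposed=no ;;   # group and other digits are both 0
        *)     exposed=yes ;;
    esac
    if key_is_encrypted "$file"; then
        echo "encrypted mode=$mode $file"
    elif [ "$exposed" = no ]; then
        echo "unencrypted-restricted mode=$mode $file"
    else
        echo "unencrypted-exposed mode=$mode $file"
        return 1
    fi
}

# make_sample_keys DIR: write constructed header-only stubs (no real key
# material) named after the files in the FAQ excerpt.
make_sample_keys() {
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
        'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/server.key.org"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/server.key"
}
```

Run against the real key path from a scheduled job or deployment check, a non-zero exit from audit_key flags a pass-phrase-free key that is not restricted to its owner.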

