Date: Sat, 03 May 2003 11:29:31 -0400
From: Travis Haddock
To: users@httpd.apache.org
Cc: groups@valis.net
Subject: Re: [users@httpd] SSL boot up

This is really more an OS issue. On WinNT/2k servers, if the key file is still encrypted, the Apache service will not complete the autostartup and appears to 'hang'. During startup, the Apache service reaches a point where it tries to read the key file, finds it encrypted, and so prompts for the pass phrase. Unfortunately, no display prompt is presented to the user, so it just sits waiting for a reply that will never come. This has been the case on all our WinNT servers but it's never been an issue on our Unix servers.

Of course, unencrypting the key file does make it readable by anyone, so you should at least set security on the key file's directory.

----- Original Message -----
From: Doug Groves
Date: Friday, May 2, 2003 2:01 pm
Subject: [users@httpd] SSL boot up

> Somebody had posted a question about having Apache autobooting in
> SSL (bypassing the key phrase input). No one answered, and since
> I want to do the same thing, I thought I'd share this link on the
> subject at apache.org ... and ask a quick question regarding it
>
> http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html
>
> Basically, it says the following...
> -------
> Remove the encryption from the RSA private key (while preserving the
> original file):
>
> $ cp server.key server.key.org
>
> $ openssl rsa -in server.key.org -out server.key
> Make sure the server.key file is now only readable by root:
>
> $ chmod 400 server.key
> -------
>
> Now, for my question. Is this a method many people use? I've
> never had the need for SSL the last time I installed Apache (a
> couple of years back). Has anyone heard of any security exploit
> regarding this method?
>
> The server I've set up includes SSL, although at the moment
> none of the hosts on it require SSL for financial transactions
> (just secure webmail access).
>
> Just wanted to get the opinions of people who know more than I
> do before I try it...
>
> Thanks
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <http://httpd.apache.org/userslist.html> for more info.
> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>    "   from the digest: users-digest-unsubscribe@httpd.apache.org
> For additional commands, e-mail: users-help@httpd.apache.org
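
The trade-off discussed in this thread, as an added example that is not part of the original messages or the Apache documentation: a Python check that reports whether a PEM key would still prompt for a pass phrase at startup and, if it has been decrypted, whether the file and its directory are locked down. It assumes POSIX permission bits; `audit_key`, `write_sample` and the finding codes are hypothetical names, and the sample key files are constructed placeholders, not real keys.

```python
import os
import stat

# PEM markers OpenSSL writes for passphrase-protected private keys.
ENCRYPTED_MARKERS = (
    "Proc-Type: 4,ENCRYPTED",                 # traditional PEM encryption header
    "-----BEGIN ENCRYPTED PRIVATE KEY-----",  # PKCS#8 encrypted key
)


def audit_key(path):
    """Return finding codes for a PEM private key meant for unattended startup."""
    with open(path, "r", errors="replace") as fh:
        head = fh.read(4096)
    if "PRIVATE KEY-----" not in head:
        return ["not-a-pem-private-key"]
    if any(marker in head for marker in ENCRYPTED_MARKERS):
        # Still encrypted: the server asks for the pass phrase at startup.
        return ["encrypted-will-prompt"]
    findings = []
    key_mode = stat.S_IMODE(os.stat(path).st_mode)
    if key_mode & 0o077:  # any group/other permission bit on the key itself
        findings.append("key-accessible-beyond-owner")
    parent = os.path.dirname(os.path.abspath(path))
    if stat.S_IMODE(os.stat(parent).st_mode) & 0o022:  # others could swap the file
        findings.append("directory-writable-by-others")
    return findings


def write_sample(directory, name, encrypted, mode):
    """Write a constructed PEM file (placeholder body, not a real key)."""
    header = ("Proc-Type: 4,ENCRYPTED\n"
              "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n") if encrypted else ""
    path = os.path.join(directory, name)
    with open(path, "w") as fh:
        fh.write("-----BEGIN RSA PRIVATE KEY-----\n" + header
                 + "QUFBQQ==\n-----END RSA PRIVATE KEY-----\n")
    os.chmod(path, mode)
    return path


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        for name, enc, mode in [("a.key", True, 0o400), ("b.key", False, 0o644),
                                ("c.key", False, 0o400)]:
            print(name, audit_key(write_sample(d, name, enc, mode)))
```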