httpd-users mailing list archives

From Aaron Dalton <aa...@daltons.ca>
Subject Re: [users@httpd] SSL pass phrase
Date Tue, 16 Oct 2007 21:49:46 GMT
On Tue, 16 Oct 2007, William A. Rowe, Jr. wrote:

> Aaron Dalton wrote:
>> 
>> AFAIK there is no way around this.  If you do not want Apache to wait for a 
>> pass phrase, you have to strip the private key of encryption.  This of 
>> course has multiple security problems, but I'm afraid those are your only 
>> options that I am aware of.
>> 
>> $ openssl rsa -in encryptedkey.pem -out strippedkey.pem
>
> Of course providing a passphrase response program introduces just as many
> (if not more) security problems.  Your best bet is to make certain that
> strippedkey.pem is previously touch'ed, chmod'ded 600 and owned by root
> before you invoke the command, above.
>

Many Unixes (such as FreeBSD) allow you to chmod 000 a file and root can 
still access and modify it.  It works on my box anyway.

-- 
Aaron Dalton
http://perlkonig.com


---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org
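
The advice quoted above (have strippedkey.pem exist, mode 600, before the decrypted key is written into it), as an added shell example that is not part of the original thread. The function names are hypothetical, and it assumes the script is run as root so the file ends up owned by root.

```shell
#!/bin/sh
# Added example: file names follow the thread; function names are hypothetical.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Create the output file empty and owner-only BEFORE any key material is
# written, so the plaintext key is never readable by group or other.
prepare_key_file() {
    target=$1
    if [ -L "$target" ]; then
        echo "refusing: $target is a symlink" >&2
        return 1
    fi
    if [ -s "$target" ]; then
        echo "refusing: $target exists and is not empty" >&2
        return 1
    fi
    # The subshell keeps the umask change local; ':' >> creates without truncating.
    ( umask 077 && : >> "$target" ) || return 1
    chmod 600 "$target" || return 1
    [ "$(file_mode "$target")" = "600" ]
}

# Remove the pass phrase from src, writing the result into a prepared dst.
strip_passphrase() {
    src=$1
    dst=$2
    prepare_key_file "$dst" || return 1
    # Same command as in the thread; openssl prompts for the pass phrase.
    if ! openssl rsa -in "$src" -out "$dst"; then
        rm -f "$dst"
        return 1
    fi
    # Re-check: the mode must still be owner-only after the write.
    [ "$(file_mode "$dst")" = "600" ]
}

# Usage: sh strip.sh encryptedkey.pem strippedkey.pem
if [ "$#" -eq 2 ]; then
    strip_passphrase "$1" "$2"
fi
```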

