httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Eric Covener" <>
Subject Re: [users@httpd] How to start Apache automatically with certificate?
Date Fri, 29 Aug 2008 11:45:12 GMT
On Fri, Aug 29, 2008 at 2:05 AM, Joseph S D Yao <> wrote:

> Even if 'httpd' is still running as root when reading the cert, and so
> able to use it, it is still a bad idea to have it OWNED by root - you
> still have to have super-user powers to maintain it.  Bad, bad, bad,
> bad, bad.

You should need superuser access to read, much less modify, a
[unencrypted] private key used by Apache.

> and so the uncloaked cert files should be stored as
> read-only by "apache".

This is criminally negligent advice, as the userid used for
request-processing shouldn't be able to read this confidential data.

Eric Covener

The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message