httpd-users mailing list archives

From Mike Lyon <mike.l...@gmail.com>
Subject Re: [users@httpd] Shell Script to automatically start Apache with SSL passphrase?
Date Tue, 28 Apr 2009 06:05:26 GMT
So I would be able to create new keys without having to get new certs?

Thanks,
Mike


On Mon, Apr 27, 2009 at 10:25 PM, Krist van Besien <krist.vanbesien@gmail.com> wrote:

> On Tue, Apr 28, 2009 at 1:16 AM, Mike Lyon <mike.lyon@gmail.com> wrote:
> > It's another link in the security of that certificate... I'd prefer to keep
> > it. It guarantees continuity from the creation of the CSR until you get the
> > cert back from the CA.
>
> The passphrase is on the key, not the certificate. The key should
> never leave your server. You could have created your original key
> without a passphrase even, and the CA wouldn't have known it.
>
> Having the certificate itself encrypted is pointless, as you will be
> handing it out to anyone contacting your server.
>
> Krist
>
> --
> krist.vanbesien@gmail.com
> krist@vanbesien.org
> Bremgarten b. Bern, Switzerland
> --
> A: It reverses the normal flow of conversation.
> Q: What's wrong with top-posting?
> A: Top-posting.
> Q: What's the biggest scourge on plain text email discussions?
>
> ---------------------------------------------------------------------
> The official User-To-User support forum of the Apache HTTP Server Project.
> See <URL:http://httpd.apache.org/userslist.html> for more info.
>
>
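Added example, not part of the original thread: a bash/openssl sketch of the point quoted above, that the passphrase encrypts only the private key file while the certificate is plain public data bound to the key pair. The file names, passphrase and subject are constructed, and a self-signed certificate stands in for a CA-issued one.

```bash
#!/usr/bin/env bash
# Added example: file names, passphrase and subject are constructed.
set -eu
umask 077                      # an unencrypted key must be readable by its owner only
PASS='constructed-passphrase'

# True when the PEM file carries an encrypted private key.
is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# Hash of the public key derived from a private key file ($2 = passphrase,
# not used by openssl when the key file is not encrypted).
key_fp() { openssl pkey -in "$1" -passin "pass:$2" -pubout | openssl sha256; }

# Hash of the public key embedded in a certificate.
cert_fp() { openssl x509 -in "$1" -noout -pubkey | openssl sha256; }

# True when key file $1 (passphrase $2) belongs to certificate $3.
key_matches_cert() { [ "$(key_fp "$1" "$2")" = "$(cert_fp "$3")" ]; }

# Build the three demo files in directory $1.
make_demo() {
    # Passphrase-protected RSA key: the passphrase encrypts this file only.
    openssl genrsa -aes256 -passout "pass:$PASS" -out "$1/enc.key" 2048 2>/dev/null
    # Self-signed certificate standing in for the one a CA would issue.
    openssl req -new -x509 -key "$1/enc.key" -passin "pass:$PASS" \
        -subj '/CN=www.example.test' -days 1 -out "$1/server.crt"
    # The same key written back without a passphrase; no new key is generated.
    openssl pkey -in "$1/enc.key" -passin "pass:$PASS" -out "$1/plain.key"
}

d=$(mktemp -d)
make_demo "$d"
is_encrypted "$d/enc.key"    && echo "enc.key:    encrypted private key"
is_encrypted "$d/plain.key"  || echo "plain.key:  unencrypted private key"
is_encrypted "$d/server.crt" || echo "server.crt: not encrypted (public data)"
key_matches_cert "$d/enc.key"   "$PASS" "$d/server.crt" && echo "enc.key matches server.crt"
key_matches_cert "$d/plain.key" unused  "$d/server.crt" && echo "plain.key matches server.crt"
rm -rf "$d"
```

Both key files yield the same public-key hash as the certificate, because adding or removing the passphrase rewrites only how the private key is stored on disk.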
