httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jeff Sadowski <jeff.sadow...@gmail.com>
Subject Re: [users@httpd] Shell Script to automatically start Apache with SSL passphrase?
Date Tue, 28 Apr 2009 06:34:30 GMT
On Tue, Apr 28, 2009 at 12:05 AM, Mike Lyon <mike.lyon@gmail.com> wrote:
> So I would be able to create new keys without having to get new certs?
>

Read the howto on how to change the passphrase on your key. I seem to
recall changing the passphrase being possible. I also seem to recall
there being a stage with the key has no passphrase. If you bought
certs for that key you should try this if not replace all your certs.

> Thanks,
> Mike
>
>
> On Mon, Apr 27, 2009 at 10:25 PM, Krist van Besien
> <krist.vanbesien@gmail.com> wrote:
>>
>> On Tue, Apr 28, 2009 at 1:16 AM, Mike Lyon <mike.lyon@gmail.com> wrote:
>> > It's another link in the security of that certificate... I'd prefer to
>> > keep
>> > it. It guarantees continuity from the creation of the CSR until you get
>> > the
>> > cert back from the CA.
>>
>> The passphrase is on the key, not the certificate. The key should
>> never leave your server. You could have created your original key
>> without a passphrase even, and the CA wouldn't have known it.
>>
>> Having the certificate itself encrypted is pointless, as you will be
>> handing it out to anyone contacting your server.
>>
>> Krist
>>
>> --
>> krist.vanbesien@gmail.com
>> krist@vanbesien.org
>> Bremgarten b. Bern, Switzerland
>> --
>> A: It reverses the normal flow of conversation.
>> Q: What's wrong with top-posting?
>> A: Top-posting.
>> Q: What's the biggest scourge on plain text email discussions?
>>
>> ---------------------------------------------------------------------
>> The official User-To-User support forum of the Apache HTTP Server Project.
>> See <URL:http://httpd.apache.org/userslist.html> for more info.
>> To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
>>   "   from the digest: users-digest-unsubscribe@httpd.apache.org
>> For additional commands, e-mail: users-help@httpd.apache.org
>>
>
>

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message