Re: SSL certificate pass phase in apache

[Björn Bergstrand <bjorn () favoptic com>]

I dont know about normaly, but if you have a password protected private key
you need to have somebody around to punch the passphrase in when the webserver restarts

> Hi all
> I know that I can remove password of my private key using this command:
> openssl rsa -in foo_key.pem -out foo_keyclear.pem
>
> But,I don't like this,because I should save private key without any protection on server,and if sombody access this 
> file,he can easily generate a dummy "valid certificate" from same Issuer.
> Is this the way that normally used on servers for thier SSL?
> They won't use: 
> SSLPassPhaseDialog exec:cert/passgenerator
> for sending pass to apache and then protect that pass generator?
>
> Regards
>
> ---------------------------------------------------------------------------
> This list is sponsored by: BigFix
>
> If your IT fails, you're out of business - or worse.  Arm your 
> enterprise with BigFix, the single converged IT security and operations 
> engine. BigFix enables continuous discovery, assessment, remediation, 
> and enforcement for complex and distributed IT environments in real-time 
> from a single console.
> Think what's next. Think BigFix. 
>
> http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
> ---------------------------------------------------------------------------

---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse.  Arm your 
enterprise with BigFix, the single converged IT security and operations 
engine. BigFix enables continuous discovery, assessment, remediation, 
and enforcement for complex and distributed IT environments in real-time 
from a single console.
Think what's next. Think BigFix. 

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------