You are viewing a plain text version of this content. The canonical link for it is here.

Posted to users@httpd.apache.org by Doug Groves <gr...@valis.net> on 2003/05/02 20:01:12 UTC

[users@httpd] SSL boot up

Somebody had posted a question about having Apache autobooting in
SSL (bypassing the key phrase input).  No one answered, and since
I want to do the same thing, I thought I'd share this link on the
subject at apache.org ... and ask a quick question regarding it

http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html

Basically, it says the following...
-------
  Remove the encryption from the RSA private key (while preserving the
original file):
   > $ cp server.key server.key.org
   > $ openssl rsa -in server.key.org -out server.key
  Make sure the server.key file is now only readable by root:
   > $ chmod 400 server.key
-------

Now, for my question.  Is this a method many people use?  I've
never had the need for SSL the last time I installed Apache (a
couple of years back).  Has anyone heard of any security exploit
regarding this method?

The server I've set up includes SSL, although at the moment
none of the hosts on it require SSL for financial transactions
(just secure webmail access).

Just wanted to get the opinions of people who know more than I
do before I try it...

Thanks



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
   "   from the digest: users-digest-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org