
List:       apache-modssl
Subject:    Re: Urgent: remove password from server cert?
From:       James Treworgy <jamie () trewtech ! com>
Date:       2000-05-31 15:10:02

Add:

SSLPassPhraseDialog exec:(path to SSLpassphrasefile)

to httpd.conf

SSLpassphrasefile is:

#!/bin/sh
echo (passphrase)

Of course, this is a security risk, since you've got your pass phrase 
stored on the server itself in clear text. The consequences of that should 
be considered.  You could improve this a little by having your 
SSLPassphrasefile keep the passphrase in some encrypted form, and pass it 
the decryption key from httpd.conf, which would at least require a hacker 
to gain access to both files to get the pass phrase. But I can't think of a 
really secure way to accomplish this.

Jamie

At 05:06 PM 5/31/00 -0700, Paul wrote:
>In a sudden (and late) moment of epiphany, I just realized (while
>writing a note to our CSA to please put the new server's startup in the
>machine's boot cycle) that when we reboot (*every* Monday morning in the
>wee hours) it's not terribly likely that anyone's going to be around to
>feed the password to the startup query.
>
>This really needs to be automated.
>Help? =o)
>
>Paul
>=====

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org
User Support Mailing List                      modssl-users@modssl.org
Automated List Manager                            majordomo@modssl.org
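
Added example, not part of the original message or of mod_ssl: because the reply above leaves the pass phrase in clear text inside the program named by SSLPassPhraseDialog exec:, this check reads that path out of a configuration file and flags the program if anyone besides its owner can read or run it. The function names and exit codes are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the program named by "SSLPassPhraseDialog exec:".
# Function names and exit codes are hypothetical, chosen for this example.
# usage: audit_passphrase_helper /path/to/httpd.conf

# Print the helper path from an httpd.conf-style file.
# Commented-out lines are skipped; the last matching directive wins.
passphrase_helper_path() {
    awk 'tolower($1) == "sslpassphrasedialog" && $2 ~ /^exec:/ {
             sub(/^exec:/, "", $2); p = $2
         }
         END { if (p != "") print p }' "$1"
}

# 0 = helper restricted to its owner
# 1 = group or other have some access to the helper
# 2 = no exec: directive, or the helper file does not exist
audit_passphrase_helper() {
    helper=$(passphrase_helper_path "$1")
    if [ -z "$helper" ] || [ ! -f "$helper" ]; then
        echo "no exec: helper found via $1" >&2
        return 2
    fi
    # Characters 5-10 of the ls mode string are the group and other bits.
    bits=$(ls -ld "$helper" | cut -c5-10)
    if [ "$bits" != "------" ]; then
        echo "WEAK: $helper is accessible beyond its owner ($bits)" >&2
        return 1
    fi
    echo "OK: $helper is restricted to its owner"
    return 0
}
```

The check covers file mode only; who owns the helper, and who can read httpd.conf or backups of either file, still has to be reviewed separately.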

