UPDATE Re: SUMMARY: Apache2 w/ SSL

From: FH <fhouston_at_usa.net>
Date: Tue Mar 08 2005 - 15:03:31 EST
Just one minor quick addition.  If you follow the instructions below you'll
have to enter the pass phrase whenever you start the server.  If you want it
to come up automatically when the machine boots that can obviously be a bit
problematic ;)  Here's the work around from the apache.org site:

http://httpd.apache.org/docs-2.0/ssl/ssl_faq.html#removepassphrase
"How can I get rid of the pass-phrase dialog at Apache startup time?

The reason why this dialog pops up at startup and every re-start is that the
RSA private key inside your server.key file is stored in encrypted format for
security reasons. The pass-phrase is needed to be able to read and parse this
file. When you can be sure that your server is secure enough you perform two
steps:

   1. Remove the encryption from the RSA private key (while preserving the
original file):

      $ cp server.key server.key.org
      $ openssl rsa -in server.key.org -out server.key

   2. Make sure the server.key file is now only readable by root:

      $ chmod 400 server.key

Now server.key will contain an unencrypted copy of the key. If you point your
server at this file it will not prompt you for a pass-phrase. HOWEVER, if
anyone gets this key they will be able to impersonate you on the net. PLEASE
make sure that the permissions on that file are really such that only root or
the web server user can read it (preferably get your web server to start as
root but run as another server, and have the key readable only by root).

As an alternative approach you can use the ``SSLPassPhraseDialog
exec:/path/to/program'' facility. But keep in mind that this is neither more
nor less secure, of course."

------ Original Message ------
Received: Tue, 08 Mar 2005 01:34:22 PM EST
From: FH <fhouston@usa.net>
To: <sunmanagers@sunmanagers.org>
Subject: SUMMARY: Apache2 w/ SSL

> Despite the sarcastic remarks from "some" people ;) a lot of people
> asked for a summary/help as well.  There were a lot of good pointers
> and hints but the best/most succinct that helped me get it setup was
> from kuup who pointed me to this article
> http://www.securityfocus.com/infocus/1818.
>
> Thanks everyone
>
> ------ Original Message ------
> Received: Fri, 04 Mar 2005 05:31:45 AM EST
> From: "kuup" <jekvb@gmx.net>
> To: FH <fhouston@usa.net>
> Subject: Re: Apache2 w/ SSL "how to" instructions?
>
>
> > Hints/clues/suggestions?
> >
> > TIA
> > _______________________________________________
> > sunmanagers mailing list
> > sunmanagers@sunmanagers.org
> > http://www.sunmanagers.org/mailman/listinfo/sunmanagers
> >
>
> Hi,
>
> On securityfocus you'll find a pretty neat bunch of articles from Arthur
Maj
> about Apche2 and SSL.
> I'm sure you'll get the picture after reading that.
>
> Gr. Jan Kuba
>
> --
> DSL Komplett von GMX +++ Superg|nstig und stressfrei einsteigen!
> AKTION "Kein Einrichtungspreis" nutzen: http://www.gmx.net/de/go/dsl
> _______________________________________________
> sunmanagers mailing list
> sunmanagers@sunmanagers.org
> http://www.sunmanagers.org/mailman/listinfo/sunmanagers
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers
Received on Thu Mar 10 12:03:35 2005

This archive was generated by hypermail 2.1.8 : Thu Mar 03 2016 - 06:43:44 EST