At 11:31 AM 8/26/00 -0700, Rob Tanner wrote:


>--On 08/26/00 18:51:31 +0200 Stas Bekman <[EMAIL PROTECTED]> wrote:
>
>>Heh, obviously you have to supply the password on the server startup,
>>unless you use one of the workarounds described in the ssl docs
>>(secured utility that feeds the passwd is the best IMHO).
[snipped...]

Actually I think that the best is a hardware SSL solution that also stores 
the certificate inside of itself.  It's really nice because the hardware 
does the SSL for you so the web server never needs the cert. And once 
you've set up the hardware, you are supposed to be able to simply flip a 
jumper and then the cert is no longer readable or writable since it's 
stored in the SSL card itself.

I believe that several of the flavors of SSL accelerator provide this 
capability. Plus they lower the calculation latency of establishing the SSL 
connection because they accelerate the public/private key exchange part of 
the SSL protocol. Usually this isn't so big a deal for most sites though.

I may be wrong though.

