Joe,
Can you not just have the script that you are passing the passphrases from respond
to all request for a passphrase (I believe it asks for the passphrases in order
(besides, it gives you the server name also))? That is how I understood it when
reading the manual.
Alternatively, if you're happy with your systems security you can remove the
passphrase from your keys (remember that if you backup to tape and someone gets a
hold of your tape, they then have the ability to impersonate your server(s) as
they have the key (no passphrase) and the cert (remember anyone who steals your
backup can reinstate it on a machine of their choice and steal you data at
leisure).
Hope this helps,
Del.
Joseph Mack wrote:
> On Tue, 10 Aug 1999, Ralf S. Engelschall wrote:
>
> I have different passphrases for each server. I want the servers to come
> up on bootup without being prompted for a passphrase so in the mod_ssl
> section I point to a script that echoes a passphrase. There is only space
> in the mod_ssl section for one passphrase script. How do I start multiple
> secure servers this way? Should I change to have the same passphrase for
> all servers? I forget whether this passphrase is part of the private key
> that is used to make the certificates, or if it is just to start the
> servers. If it is used to make the certificates I would like to have
> a different passphrase for each server.
>
> PS I'm using your counter module. Thanks for writing it. I have about 60
> IP based virtual hosts each with an index.html file below its own
> DocumentRoot. Any time that one of the index.html files is accessed, the
> counter for all of the index.html files is incremented. Do you know what
> I've done wrong?
>
> Thank you
> Joe
>
> > On Mon, Aug 09, 1999, Joseph Mack wrote:
> >
> > > have configured two secure (virtual) IP based servers in my httpd.conf,
> > > each with their own certificate entries and ssl-passphrase entries. Each
> > > secure site works OK when run by itself.
> > >
> > > I assume I can run the two secure servers by using separate virtual host
> > > entries but what do I do about having two different ssl-passphrase
> > > entries?
> > >
> > > There is only one place for these, in the mod-ssl.c section, and I need
> > > two entries (or some other way of thinking about it)
> > >
> > > am using
> > > linux/apache-1.3.4-modssl-(somenumber)
> >
> > Sorry, I do not understand your problem. The pass phrases are not specified
> > anywhere in the config - all you usually specify is the pass phrase dialog
> > type. All you've to do is to place your two servers into two separate
> > <VirtualHost> sections, add the corresponding Listen and mod_ssl should
> > automatically recognize the second cert/key pair and ask you for both pass
> > phrases (or just once for both assuming they have the same pass phrase). Or
> > did I totally misunderstood you now?
>
> >
> > Ralf S. Engelschall
> > [EMAIL PROTECTED]
> > www.engelschall.com
> > ______________________________________________________________________
> > Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> > User Support Mailing List [EMAIL PROTECTED]
> > Automated List Manager [EMAIL PROTECTED]
> >
>
> --
> Joseph Mack [EMAIL PROTECTED]
>
> ______________________________________________________________________
> Apache Interface to OpenSSL (mod_ssl) www.modssl.org
> User Support Mailing List [EMAIL PROTECTED]
> Automated List Manager [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
