Uhhmm... I think you've misunderstood something about the way the
passphrases work?  The FAQ you reference does not imply that the
passphrase gets stored in the certificate.  That would be really
INsecure, since the certificate is handed over to the client upon SSL
negotiation.  The FAQ says that you can either unencrypt the private key
(i.e., there is no passphrase), or you can use a program to provide the
passphrase.  Neither is more secure than the other if you set it up
right, though, because to compromise either setup, a cracker would need
root on your system, in which case neither setup can protect your
private key.

-Cliff

Cliff Woolley
Central Systems Software Administrator
Washington and Lee University
http://www.wlu.edu/~jwoolley/

Work: (540) 463-8089
Pager: (540) 462-3472

>>> Charles Tassell <[EMAIL PROTECTED]> 08/10/99 12:11PM >>>
I would recommend just storing the passphrase in the certificates, it's
more secure than having a script with the password encoded in it (unless
it's a very impressive script, at least.)  You can find instructions on
how to do that at this URL:
http://www.modssl.org/docs/2.3/ssl_faq.html#ToC25


At 07:57 AM 8/10/99, you wrote:
>On Tue, 10 Aug 1999, Ralf S. Engelschall wrote:
>
>I have different passphrases for each server. I want the servers to come
>up on bootup without being prompted for a passphrase so in the mod_ssl
>section I point to a script that echoes a passphrase. There is only space
>in the mod_ssl section for one passphrase script. How do I start multiple
>secure servers this way? Should I change to have the same passphrase for
>all servers? I forget whether this passphrase is part of the private key
>that is used to make the certificates, or if it is just to start the
>servers. If it is used to make the certificates I would like to have
>a different passphrase for each server.
>
>PS I'm using your counter module. Thanks for writing it. I have about 60
>IP based virtual hosts each with an index.html file below its own
>DocumentRoot. Any time that one of the index.html files is accessed, the
>counter for all of the index.html files is incremented. Do you know what
>I've done wrong?
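
An added example (not part of the original thread and not mod_ssl's own code): one helper for `SSLPassPhraseDialog exec:` that returns a different passphrase per virtual host, relying on the documented calling convention in which mod_ssl passes `servername:port` and the key algorithm as arguments. The directory path and the file naming scheme are assumptions made for illustration.

```sh
#!/bin/sh
# Added example, not from the thread. Use with:
#   SSLPassPhraseDialog exec:/path/to/this/script
# mod_ssl runs it once per encrypted key as:  script servername:port RSA|DSA
# and reads the passphrase from stdout.
# Assumed layout: $PASS_DIR/<servername>_<port>.<ALGO>, one line, mode 0600.
PASS_DIR="${PASS_DIR:-/usr/local/apache/conf/ssl.pass}"  # hypothetical path

passphrase_for() {
    server="$1"
    algo="$2"
    # Allow only hostname/port characters so the argument cannot leave PASS_DIR.
    case "$server" in
        ''|*[!A-Za-z0-9.:_-]*) return 2 ;;
    esac
    case "$algo" in
        RSA|DSA) ;;
        *) return 2 ;;
    esac
    file="$PASS_DIR/$(printf '%s' "$server" | tr ':' '_').$algo"
    # Must be a regular file, not a symlink.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        return 3
    fi
    # Refuse to use a passphrase file that group or other can access.
    perms=$(ls -ld "$file" | cut -c5-10)
    [ "$perms" = "------" ] || return 4
    head -n 1 "$file"
}

# Run only when called with arguments (as mod_ssl does).
if [ "$#" -gt 0 ]; then
    passphrase_for "$1" "$2"
fi
```

The passphrase files are clear text, so as the reply above points out, protection rests on file permissions and on nobody else having root.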

______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl)                   www.modssl.org

User Support Mailing List                      [EMAIL PROTECTED]

Automated List Manager                            [EMAIL PROTECTED]
______________________________________________________________________