On Tue, 10 Aug 1999, Cliff Woolley wrote:
> Uhhmm... I think you've misunderstood something about the way the
> passphrases work? The FAQ you reference does not imply that the
> passphrase gets stored in the certificate. That would be really
> INsecure, since the certificate is handed over to the client upon SSL
> negotiation.

Thanks for straightening me out. I probably would have started to wonder
what was going on when I sat down to do it and knowing this will
save me another layer of confusion.

> The FAQ says that you can either unencrypt the private key
> (i.e., there is no passphrase), or you can use a program to provide the
> passphrase. Neither is more secure than the other if you set it up
> right, though, because to compromise either setup, a cracker would need
> root on your system, in which case neither setup can protect your
> private key.

Thanks - that helps too.

Joe
--
Joseph Mack [EMAIL PROTECTED]
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
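
An added example, not part of the thread or of mod_ssl: a shell audit of the two setups the quoted reply compares, reporting whether a PEM key carries a passphrase and whether anyone but the file's owner can read it. It assumes "set it up right" means owner-only file permissions; the function names and sample files are constructed for illustration and contain no real key material.

```shell
# Audit a server private key: is it passphrase-encrypted, and who can read it?

# key_state FILE -> prints "encrypted", "plaintext" or "unknown"
key_state() {
    if grep -q -e '^-----BEGIN ENCRYPTED PRIVATE KEY-----' \
               -e '^Proc-Type: 4,ENCRYPTED' "$1"; then
        echo encrypted      # PKCS#8 encrypted, or traditional PEM with a passphrase
    elif grep -q -e '^-----BEGIN .*PRIVATE KEY-----' "$1"; then
        echo plaintext      # key is stored without a passphrase
    else
        echo unknown        # not a PEM private key (for example, a certificate)
    fi
}

# perms_state FILE -> prints "owner-only" or "exposed"
perms_state() {
    # Characters 5-10 of the ls mode string are the group and other bits.
    case "$(ls -ld "$1" | cut -c5-10)" in
        ------) echo owner-only ;;
        *)      echo exposed ;;
    esac
}

# audit_key FILE -> one-line verdict; succeeds only when the file is owner-only.
# The passphrase state is reported but does not change the exit status, since
# either setup depends on the file permissions being right.
audit_key() {
    k=$(key_state "$1")
    p=$(perms_state "$1")
    echo "$1: key=$k perms=$p"
    [ "$p" = owner-only ]
}

# Constructed sample files: PEM framing only, the body is a placeholder string.
demo_dir=$(mktemp -d)
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Proc-Type: 4,ENCRYPTED' \
    'DEK-Info: DES-EDE3-CBC,0000000000000000' '' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/with_pass.key"
printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
    '-----END RSA PRIVATE KEY-----' > "$demo_dir/no_pass.key"
chmod 600 "$demo_dir/with_pass.key"
chmod 644 "$demo_dir/no_pass.key"   # deliberately too open

audit_key "$demo_dir/with_pass.key" || true
audit_key "$demo_dir/no_pass.key" || echo "fix with: chmod 600 <keyfile>"
```

On a real server the same check applies to any program used to supply the passphrase, since whoever can read that program can recover the passphrase.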