Dave wrote:
> when I started the binary 'perlhttpdctl
> startssl' (mod_perl is compiled in as well), I was prompted for my PEM pass
> phrase which I entered and all is well, but what happens when I reboot this
> server? I am not always physically at the machine when it is rebooted or
> powered down/up and I was wondering if there was a way I could automate
> this through /etc/init.d (rc startup scripts)?

This whole idea of the pass-phrase is a bit debatable... The idea is
that even if a bad guy steals your certificate and sets up a fake
version of your site on his own server, he still can't start it up and
impersonate your site. If you are pretty sure no-one can steal your
certificate, do you really need a pass-phrase?

If you don't need it, you can remove it:
http://www.modssl.org/docs/2.3/ssl_faq.html#ToC25

Another approach is to have a script that echoes the pass-phrase at boot
(described in the above FAQ). Personally, I think that is a pointless
exercise since the script needs to know the pass-phrase and if a hacker
can get your certificate, he can get the script... Some people keep the
script on a floppy which they insert manually at boot - in which case
they might as well type in the pass-phrase.

I prefer to protect my machine from intrusion so no-one can look at any
files that they're not supposed to.

Rgds (starting another flame-war..),
Owen Boyle.
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
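
Added example (not part of the original message or of the mod_ssl FAQ): a small audit script for the trade-off discussed above. It reports whether a PEM key file is pass-phrase encrypted and, if it is not, whether file permissions keep it owner-only. All function names are hypothetical and the sample PEM files are constructed skeletons with no key material.

```shell
#!/bin/sh
# Added example: classify a PEM private key file by the two protections
# discussed above (pass-phrase encryption, file permissions).

# True for a traditional OpenSSL encrypted key or a PKCS#8 encrypted key.
key_is_encrypted() {
    grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# True if group and other have no permission bits on the file.
key_is_owner_only() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

audit_key() {
    if key_is_encrypted "$1"; then
        echo "encrypted"          # server prompts for the pass-phrase at startup
    elif key_is_owner_only "$1"; then
        echo "plain-owner-only"   # file permissions are the only barrier
    else
        echo "plain-exposed"      # readable beyond the owner; tighten to 600
    fi
}

# Constructed sample: $1=path, $2=encrypted|plain, $3=file mode.
make_sample() {
    {
        echo "-----BEGIN RSA PRIVATE KEY-----"
        if [ "$2" = encrypted ]; then
            printf 'Proc-Type: 4,ENCRYPTED\nDEK-Info: DES-EDE3-CBC,0000000000000000\n\n'
        fi
        echo "CONSTRUCTED+PLACEHOLDER+NOT+A+KEY"
        echo "-----END RSA PRIVATE KEY-----"
    } > "$1"
    chmod "$3" "$1"
}

if [ "$#" -gt 0 ]; then
    for f in "$@"; do printf '%s: %s\n' "$f" "$(audit_key "$f")"; done
else
    d=$(mktemp -d)
    make_sample "$d/a.key" encrypted 644
    make_sample "$d/b.key" plain 600
    make_sample "$d/c.key" plain 644
    for f in "$d"/*.key; do printf '%s: %s\n' "${f##*/}" "$(audit_key "$f")"; done
    rm -rf "$d"
fi
```

Run it with key paths as arguments to audit real files; with no arguments it audits three constructed samples.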