My idea is to build a apachectl which ask the first time for the passphrase and stores it in a temporarily file. After all servers are startet, it deletes the file (e.g . via at-job after 5-10 minutes). So there is no script with a stored passphrase on disk (exept the cache or memory ;-(
For security it is not the best solution, but I understood that the problem was to start several servers at the same time. Wolfgang Owen Boyle wrote: > Now, if you make a script to feed the pass-phrase to the server on boot, > what point is there in having the pass-phrase? The hacker, while > stealing the cert, might as well steal the pass-phrase from the script. > he has to have root access to get the cert in the first place so it's no > problem for him to get the script too. ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
