So I would be able to create new keys without having to get new certs? Thanks, Mike
On Mon, Apr 27, 2009 at 10:25 PM, Krist van Besien < krist.vanbes...@gmail.com> wrote: > On Tue, Apr 28, 2009 at 1:16 AM, Mike Lyon <mike.l...@gmail.com> wrote: > > It's another link in the security of that certificate... I'd prefer to > keep > > it. It guarantees continuity from the creation of the CSR until you get > the > > cert back from the CA. > > The passphrase is on the key, not the certificate. The key should > never leave your server. You could have created your original key > without a passphrase even, and the CA wouldn't have known it. > > Having the certificate itself encrypted is pointless, as you will be > handing it out to anyone contacting your server. > > Krist > > -- > krist.vanbes...@gmail.com > kr...@vanbesien.org > Bremgarten b. Bern, Switzerland > -- > A: It reverses the normal flow of conversation. > Q: What's wrong with top-posting? > A: Top-posting. > Q: What's the biggest scourge on plain text email discussions? > > --------------------------------------------------------------------- > The official User-To-User support forum of the Apache HTTP Server Project. > See <URL:http://httpd.apache.org/userslist.html> for more info. > To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org > " from the digest: users-digest-unsubscr...@httpd.apache.org > For additional commands, e-mail: users-h...@httpd.apache.org > >
