[CentOS] Apache SSL key pass phrase question

Paul Heinlein heinlein at madboa.com
Fri Apr 3 21:16:08 UTC 2009


On Fri, 3 Apr 2009, Michael A. Peters wrote:

> After running that and entering my pass phrase, no pass phrase is 
> required to start the server and it seems like the browsers don't 
> complain, so I think I'm set, but I thought I'd verify that all 
> really is well and that doing that isn't going to cause any issues.
>
> If I understand it correctly, the phrase was needed when Apache 
> starts in order to decrypt the key, and all I did above was decrypt 
> the key so that apache doesn't have to, correct?

You are correct. As long as you can guarantee limited access to the 
file containing the key, then storing it in decrypted form is probably 
worth the risk.

On a server with untrusted users, however, I'd keep it decrypted.

-- 
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/


More information about the CentOS mailing list