[CentOS] Apache SSL key pass phrase question
Michael A. Peters
mpeters at mac.com
Sat Apr 4 17:10:20 UTC 2009
Markus Falb wrote:
> On Fri, 03 Apr 2009 17:06:38 -0500, Lanny Marcus wrote:
>> Backup servers need *maximum* protection too......
> agreed, but...
> maximum protection would mean turning network off.
> but that could turn out as a little inconvinience.
> webservers that cant boot without human intervention are not acceptable
> for me. but thats me. i understand that other people may have another
> opinion, and thats fine.
I agree. Apache has to start for me.
My server is a linode hosted xen vm.
It does not have 100% uptime - it's rarely down, but it has been down
before (I can tell from the logs - this site w/ the ssl is new but I
have other stuff hosted on it).
Anyway - the site is just a site to record reptiles and amphibian
sightings in my county, the only thing I'm using ssl for is user
registration and login so that password is not sent plain text.
Hardly cause to be overly paranoid (I was a good boy and did set
root:root 0600 permissions though). In fact using ssl may already be
overly paranoid, most sites of this type don't - which is a pet peeve of
mine (too many people use wireless and too many people use the same
password for everything, passwords really need to be encrypted when sent)
I don't backup /etc/pki - I have the apache keys backed up, the server's
ssl keys backed up, but only backup I have planned of the server is
weekly rpm -qa, /etc/httpd, /etc/php.ini, mysql database, and user
uploaded images. Everything else is cake to do from a fresh install and
what I have at home.
More information about the CentOS