[CentOS] Apache SSL key pass phrase question

Sat Apr 4 16:10:20 UTC 2009
Michael A. Peters <mpeters at mac.com>

Markus Falb wrote:
> On Fri, 03 Apr 2009 17:06:38 -0500, Lanny Marcus wrote:
> 
>> Backup servers need *maximum* protection too......
> 
> agreed, but...
> maximum protection would mean turning network off.
> but that could turn out as a little inconvinience.
> 
> webservers that cant boot without human intervention are not acceptable 
> for me. but thats me. i understand that other people may have another 
> opinion, and thats fine.

I agree. Apache has to start for me.

My server is a linode hosted xen vm.
It does not have 100% uptime - it's rarely down, but it has been down 
before (I can tell from the logs - this site w/ the ssl is new but I 
have other stuff hosted on it).

Anyway - the site is just a site to record reptiles and amphibian 
sightings in my county, the only thing I'm using ssl for is user 
registration and login so that password is not sent plain text.

Hardly cause to be overly paranoid (I was a good boy and did set 
root:root 0600 permissions though). In fact using ssl may already be 
overly paranoid, most sites of this type don't - which is a pet peeve of 
mine (too many people use wireless and too many people use the same 
password for everything, passwords really need to be encrypted when sent)

I don't backup /etc/pki - I have the apache keys backed up, the server's 
ssl keys backed up, but only backup I have planned of the server is 
weekly rpm -qa, /etc/httpd, /etc/php.ini, mysql database, and user 
uploaded images. Everything else is cake to do from a fresh install and 
what I have at home.