On Mon, 9 Apr 2001, Deocs Postmaster wrote:
> Very good! I don't recall the .RND file or pass phrase
> details. Deleting the pass phrase is optional, but I
> don't know what the issues are.
I think the issues are mentioned in the mod_ssl docs, but briefly the
tradeoff is this:
If you use a passphrase, then you're largely assured that your server's
identity cannot be stolen even if someone breaks into the server and
steals the private key, since the private key is encrypted with the
passphrase. That's good. But then again, doing this requires that either
some person be physically present in order to start/restart the webserver
to type in the passphrase (that's bad), or that the passphrase be
hardcoded into a script somewhere that starts/restarts the webserver
automatically (which basically defeats the purpose, since the person who
steals the private key could steal the script, too).
The only time the passphrase really gains you anything other than security
through obscurity is if you have the passphrase script on a completely
separate box from the web server and you trust the security of the
separate box more than that of the web server. This might be the case if,
for example, your web server is in a DMZ of your network and you have a
box inside a firewall that can connect out through that firewall to the
web server to startup Apache. Such a setup would work and would be more
secure, but is non-trivial to get working seamlessly.
Make sense?
--Cliff
--------------------------------------------------------------
Cliff Woolley
[EMAIL PROTECTED]
Charlottesville, VA
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
