> Having a password means that no-one can use your certificate - even if > they obtain a copy of it. They can load the cert into their server but > it won't let the server come up unless they know the password.
Although after accepting a passphrase the unencrypted key is sitting in memory in the web server (it has to be so that it can be used to accept new connections). If you can dump the memory of a process (root can do this on a lot of UNIX systems, on others you can do it from a CGI run as the user Apache is running as) then you can grab the key without a lot of effort. > So if you protect your server to the utmost, you have no need of a > password protected certificate. Absolutely; if someone is root on your system they're going to get the key if they want it. Adding a passphrase isn't going to stop them, and is just going to make it more annoying for you to use your server. (This is where the hardware crypto device people chime in and tell you about their systems that let you keep the keys in external, FIPS-compliant, hardware) Mark -- Mark J Cox ........................................... www.awe.com/mark Apache Software Foundation ..... OpenSSL Group ..... Apache Week editor ______________________________________________________________________ Apache Interface to OpenSSL (mod_ssl) www.modssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
