Date: Thu, 25 Apr 2002 12:07:00 -0700 (PDT)
From: Doug Barton <DougB@FreeBSD.org>
To: ANdrei <andrei@abc.ro>
Cc: security@FreeBSD.org
Subject: Re: apache
Message-ID: <20020425120502.B69694-100000@master.gorean.org>
In-Reply-To: <3CC851E7.3529C7AB@abc.ro>

[ I'm sorry to say, this topic isn't appropriate for freebsd mailing lists.
It's purely an apache question. ]

On Thu, 25 Apr 2002, ANdrei wrote:

> let me give you a scenario that i want solved :)
>
> i have a webserver that needs to run apache with SSL (httpd -SSL, if i
> remember correctly), but the server is not considered to be secure
> enough to have an unencrypted key on its hard drives... so the key is
> crypted, but then, again, apache is unable to start with SSL enabled if
> somebody doesn't enter the passphrase by hand... i'm talking about
> apache with mod-ssl, it's one of many big servers, and any minute of it
> not being up is a big pain in the ass, so starting apache on every
> server every time by entering the passphrase by hand is not what i am
> looking for... starting it from a script where the passphrase is plain
> text is also considered to be insecure for what i need....

You can't have it both ways. If you want the key to be encrypted, the
password has to be entered when the server starts up. Any automated
solution would be sufficiently insecure by nature, and roughly equivalent
to leaving the password unencrypted.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20020425120502.B69694-100000>