From owner-freebsd-stable Thu Apr 25 12:41:43 2002
Message-ID: <023001c1ec91$33461ad0$0301a8c0@mikeyg>
From: "Mike Grissom"
References: <3CC851E7.3529C7AB@abc.ro>
Subject: Re: apache
Date: Thu, 25 Apr 2002 12:41:30 -0700
Sender: owner-freebsd-stable@FreeBSD.ORG

You should just remove the passphrase from the key file and then chmod
the key file to 600 so only root can see it. That's about the only way
to do it automated besides using a script to enter the passphrase, but
then again it would be cleartext.

----- Original Message -----
From: "ANdrei"
Sent: Thursday, April 25, 2002 11:58 AM
Subject: apache

> let me give you a scenario that i want solved :)
>
> i have a webserver that needs to run apache with SSL (httpd -SSL, if i
> remember correctly), but the server is not considered to be secure
> enough to have an unencrypted key on its hard drives... so the key is
> crypted, but then, again, apache is unable to start with SSL enabled if
> somebody doesn't enter the passphrase by hand... i'm talking about
> apache with mod-ssl, it's one of many big servers, and any minute of it
> not being up is a big pain in the ass, so starting apache on every
> server every time by entering the passphrase by hand is not what i am
> looking for... starting it from a script where the passphrase is plain
> text is also considered to be insecure for what i need....
>
> hope smbd had this problem already :)
>
> ANdrei
>
> and smtg else: i think it would be a great thing for this list and the
> community if people here stop saying shitwords to each other... if
> someone's annoying you, say it, but say it nicely, or ignore him...
> guess most of us feel this way... discussions should be constructive,
> not a desperate search for weak points in the ideas of others or a
> search for the "best invective", so they end up imho as "almost spam"
> when considering this is a "security" list... (don't think of anybody
> special)
>
>
> ----------------------------------[ http://www.goanga.com ]--
>
>  Never take life seriously.              _     _
>  Nobody gets out alive anyway.          o' \.=./ `o
>                                            (o o)
> -----------------------------------------ooO--(_)--Ooo-------
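
Added example (not part of the original messages): the procedure from the reply as a shell sketch, together with a check a startup script could run on the key file before launching Apache. The function names, the optional UID argument and the file names in the usage comment are assumptions made for illustration.

```sh
#!/bin/sh
# Added example; function names and the sample path are hypothetical.

# Exit 0 if the PEM key is passphrase-protected: traditional OpenSSL keys carry
# "Proc-Type: 4,ENCRYPTED", PKCS#8 keys a "BEGIN ENCRYPTED PRIVATE KEY" header.
key_is_encrypted() {
    grep -Eq '^Proc-Type: 4,ENCRYPTED|^-----BEGIN ENCRYPTED PRIVATE KEY-----' "$1"
}

# Exit 0 if group and other have no permission bits (mode 600 or stricter).
# Parses `ls -ld` so it behaves the same on BSD and GNU userlands.
key_mode_is_private() {
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# audit_key FILE [UID]: print one verdict; return 0 only for "ok".
# UID is the expected numeric owner, 0 (root) by default.
audit_key() {
    want_uid=${2:-0}
    [ -f "$1" ] || { echo "missing"; return 2; }
    uid=$(ls -ldn -- "$1" | awk '{print $3}')
    [ "$uid" = "$want_uid" ] || { echo "wrong-owner"; return 1; }
    key_mode_is_private "$1" || { echo "exposed"; return 1; }
    # An encrypted key makes the server wait for a passphrase at startup.
    if key_is_encrypted "$1"; then echo "needs-passphrase"; return 1; fi
    echo "ok"
}

# strip_passphrase IN OUT: write an unencrypted copy of an RSA key (openssl
# prompts for the passphrase). The subshell umask keeps OUT from ever being
# created group/other-readable; chmod 600 then pins the mode the reply names.
strip_passphrase() {
    ( umask 077 && openssl rsa -in "$1" -out "$2" ) && chmod 600 "$2"
}

# Usage (as root):  strip_passphrase server.key server.key.nopass
#                   audit_key server.key.nopass
```

A symlink in place of the key file is reported as "exposed", because `ls -ld` shows the link's own mode rather than the target's.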