Security Basics mailing list archives

Re: SSL certificate pass phase in apache

From: afshin_pir () yahoo com
Date: 22 Feb 2007 07:35:35 -0000

Hi all
I know that I can remove password of my private key using this command:
openssl rsa -in foo_key.pem -out foo_keyclear.pem

But,I don't like this,because I should save private key without any protection on server,and if sombody access this 
file,he can easily generate a dummy "valid certificate" from same Issuer.
Is this the way that normally used on servers for thier SSL?
They won't use: 
SSLPassPhaseDialog exec:cert/passgenerator
for sending pass to apache and then protect that pass generator?

Regards

---------------------------------------------------------------------------
This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse.  Arm your 
enterprise with BigFix, the single converged IT security and operations 
engine. BigFix enables continuous discovery, assessment, remediation, 
and enforcement for complex and distributed IT environments in real-time 
from a single console.
Think what's next. Think BigFix. 

http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/
---------------------------------------------------------------------------

Current thread:

SSL certificate pass phase in apache Afshin_pir (Feb 21)
- Re: SSL certificate pass phase in apache Nick Baronian (Feb 22)
- Re: SSL certificate pass phase in apache Saqib Ali (Feb 22)
- <Possible follow-ups>
- Re: SSL certificate pass phase in apache afshin_pir (Feb 22)
  - Re: SSL certificate pass phase in apache Björn Bergstrand (Feb 23)
  - Re: SSL certificate pass phase in apache Björn Bergstrand (Feb 23)
    - language for general risk analysis Ken Kousky (Feb 26)
    - Re: SSL certificate pass phase in apache Lars (Feb 26)