Security Basics mailing list archives
Re: SSL certificate pass phase in apache
From: afshin_pir () yahoo com
Date: 22 Feb 2007 07:35:35 -0000
Hi all I know that I can remove password of my private key using this command: openssl rsa -in foo_key.pem -out foo_keyclear.pem But,I don't like this,because I should save private key without any protection on server,and if sombody access this file,he can easily generate a dummy "valid certificate" from same Issuer. Is this the way that normally used on servers for thier SSL? They won't use: SSLPassPhaseDialog exec:cert/passgenerator for sending pass to apache and then protect that pass generator? Regards --------------------------------------------------------------------------- This list is sponsored by: BigFix If your IT fails, you're out of business - or worse. Arm your enterprise with BigFix, the single converged IT security and operations engine. BigFix enables continuous discovery, assessment, remediation, and enforcement for complex and distributed IT environments in real-time from a single console. Think what's next. Think BigFix. http://ad.doubleclick.net/clk;82309979;15562032;o?http://www.bigfix.com/ITNext/ ---------------------------------------------------------------------------
Current thread:
- SSL certificate pass phase in apache Afshin_pir (Feb 21)
- Re: SSL certificate pass phase in apache Nick Baronian (Feb 22)
- Re: SSL certificate pass phase in apache Saqib Ali (Feb 22)
- <Possible follow-ups>
- Re: SSL certificate pass phase in apache afshin_pir (Feb 22)
- Re: SSL certificate pass phase in apache Björn Bergstrand (Feb 23)
- Re: SSL certificate pass phase in apache Björn Bergstrand (Feb 23)
- language for general risk analysis Ken Kousky (Feb 26)
- Re: SSL certificate pass phase in apache Lars (Feb 26)