WebApp Sec mailing list archives

Re: SSL


From: Brian Hatch <bri () ifokr org>
Date: Sat, 31 Jan 2004 01:24:05 -0800



> Do you know a way to restrict admins of the web server (ISS) from backing
> up server certificate (and private key)? I am trying to ensure that only
> security admins of my company can back up the certificate, not the web
> admins. This can be via an authentication definition or via a password
> protection.

You could always just keep the private key protected with a strong
passphrase.  Then even if they can access it, the file is encrypted
and they can't get in.  If the passphrase is strong enough, then
an offline attack should be futile.  This does mean you'd not be
able to reboot unattended though.

--
Brian Hatch                  "I am become Grey. I stand between
   Systems and                the darkness and the light.
   Security Engineer          Between the candle and the star."
http://www.ifokr.org/bri/

Every message PGP signed
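An added illustration of the passphrase gate Brian describes, not code from this thread or from IIS: the key file is written encrypted, so a copy taken by anyone with file access is useless without the passphrase, and the same check is what blocks an unattended restart. It uses Go's standard library PEM encryption (an assumption, chosen to run stand-alone); the key, passphrases and function names are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// EncryptKeyPEM wraps an RSA private key in a passphrase-protected PEM block.
// Whoever backs up the file gets only ciphertext; the passphrase is the gate.
func EncryptKeyPEM(key *rsa.PrivateKey, passphrase []byte) ([]byte, error) {
	der := x509.MarshalPKCS1PrivateKey(key)
	// Assumption: legacy RFC 1423 PEM encryption from Go's standard library.
	// Its key derivation is a single fast hash, so passphrase strength is all
	// that stands between a copied file and the key; production tooling
	// should prefer PKCS#8 with PBKDF2 or scrypt for a slower derivation.
	blk, err := x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY", der, passphrase, x509.PEMCipherAES256)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(blk), nil
}

// DecryptKeyPEM is the startup step: without the passphrase the file cannot
// be used, which is also why an unattended reboot cannot bring the server up.
func DecryptKeyPEM(pemBytes, passphrase []byte) (*rsa.PrivateKey, error) {
	blk, _ := pem.Decode(pemBytes)
	if blk == nil || !x509.IsEncryptedPEMBlock(blk) {
		return nil, errors.New("expected an encrypted PEM block")
	}
	der, err := x509.DecryptPEMBlock(blk, passphrase)
	if err != nil {
		return nil, err // x509.IncorrectPasswordError for a wrong passphrase
	}
	return x509.ParsePKCS1PrivateKey(der)
}

func main() {
	key, _ := rsa.GenerateKey(rand.Reader, 2048)
	enc, _ := EncryptKeyPEM(key, []byte("constructed-strong-passphrase"))
	if _, err := DecryptKeyPEM(enc, []byte("guess")); err != nil {
		fmt.Println("wrong passphrase rejected:", err)
	}
	if k, err := DecryptKeyPEM(enc, []byte("constructed-strong-passphrase")); err == nil {
		fmt.Println("right passphrase: key recovered, modulus bits =", k.N.BitLen())
	}
}
```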
