Home page logo

basics logo Security Basics mailing list archives

Re: SSL certificate pass phase in apache
From: afshin_pir () yahoo com
Date: 22 Feb 2007 07:35:35 -0000

Hi all
I know that I can remove password of my private key using this command:
openssl rsa -in foo_key.pem -out foo_keyclear.pem

But,I don't like this,because I should save private key without any protection on server,and if sombody access this 
file,he can easily generate a dummy "valid certificate" from same Issuer.
Is this the way that normally used on servers for thier SSL?
They won't use: 
SSLPassPhaseDialog exec:cert/passgenerator
for sending pass to apache and then protect that pass generator?


This list is sponsored by: BigFix

If your IT fails, you're out of business - or worse.  Arm your 
enterprise with BigFix, the single converged IT security and operations 
engine. BigFix enables continuous discovery, assessment, remediation, 
and enforcement for complex and distributed IT environments in real-time 
from a single console.
Think what's next. Think BigFix. 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]