httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Doug Groves" <>
Subject [users@httpd] SSL boot up
Date Fri, 02 May 2003 18:01:12 GMT
Somebody had posted a question about having Apache autobooting in
SSL (bypassing the key phrase input).  No one answered, and since
I want to do the same thing, I thought I'd share this link on the
subject at ... and ask a quick question regarding it

Basically, it says the following...
  Remove the encryption from the RSA private key (while preserving the
original file):
   > $ cp server.key
   > $ openssl rsa -in -out server.key
  Make sure the server.key file is now only readable by root:
   > $ chmod 400 server.key

Now, for my question.  Is this a method many people use?  I've
never had the need for SSL the last time I installed Apache (a
couple of years back).  Has anyone heard of any security exploit
regarding this method?

The server I've set up includes SSL, although at the moment
none of the hosts on it require SSL for financial transactions
(just secure webmail access).

Just wanted to get the opinions of people who know more than I
do before I try it...


The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:> for more info.
To unsubscribe, e-mail:
   "   from the digest:
For additional commands, e-mail:

View raw message