[NTLUG:Discuss] Multiple Apache-SSL Servers / Same Pass Phrase

David Camm dcamm at advwebsys.com
Tue Jul 1 15:41:12 CDT 2003


stuart - if I'm not mistaken, the passphrase is used to encrypt the private key,
not the certificate.  if you look at your apache install tree, you'll see that 
the directory [server_root]/conf/ssl.key has permissions of 700 and should be 
owned by root. the security risk is that if someone gains access to your system 
with root privileges, they can get the private keys and could then masquerade as 
you. this is NOT a good thing, but one would hope you're taking every reasonable 
precaution to prevent unauthorized access.

since we don't use mod_perl, i can't comment on that issue.....

david camm
advanced web systems

Stuart Johnston wrote:
>>first of all, i believe that using a passphrase is optional. i know it is on
>>stronghold, which is apache based. you might want to reconsider using
>>passphrases.....
>
> Yes, and we considered doing that but it is a security risk.  If you
> have advice on securely using unencrypted certificates, I would
> appreciate it.
>
>>secondly, i'm curious as to why you need multiple INSTANCES of apache on a
>>single machine. apache can certainly handle more than one secure site within a
>>single instance - you just need to have a separate IP for each secure site. if
>>you only have a single IP available, you can still run multiple secure sites
>>using port-based virtual hosting.
>
> Because we are using mod_perl.  Maybe I'm wrong but I think we need
> separate instances so that each customer's site will have its own
> mod_perl environment.
>
> Thanks,
> Stuart Johnston
> 
> 
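
An added example, not part of the original message or of Apache: a Python audit of a key directory like the `[server_root]/conf/ssl.key` discussed above, checking the 700 mode, the owner, and whether each PEM private key is passphrase-encrypted. The function names, the `expected_uid` parameter and the sample keys are constructed for illustration, and the check goes slightly beyond the message by also recognizing the PKCS#8 encrypted header.

```python
import os
import stat

# PEM markers of a passphrase-protected key (traditional OpenSSL and PKCS#8).
ENCRYPTED_MARKERS = ("Proc-Type: 4,ENCRYPTED", "BEGIN ENCRYPTED PRIVATE KEY")

# Constructed, non-functional sample keys: only the PEM framing matters here.
SAMPLE_ENCRYPTED = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Proc-Type: 4,ENCRYPTED\n"
    "DEK-Info: DES-EDE3-CBC,0123456789ABCDEF\n\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n"
)
SAMPLE_PLAIN = (
    "-----BEGIN RSA PRIVATE KEY-----\n"
    "Q09OU1RSVUNURUQ=\n"
    "-----END RSA PRIVATE KEY-----\n"
)


def key_is_encrypted(pem_text):
    """True if the PEM text carries a passphrase-encrypted private key."""
    return any(marker in pem_text for marker in ENCRYPTED_MARKERS)


def audit_key_dir(key_dir, expected_uid=0):
    """Return findings for a key directory that should be 0700 and root-owned."""
    findings = []
    st = os.stat(key_dir)
    mode = stat.S_IMODE(st.st_mode)
    if mode & 0o077:
        findings.append(f"{key_dir}: mode {mode:04o} is open to group/other, want 0700")
    if st.st_uid != expected_uid:
        findings.append(f"{key_dir}: owner uid {st.st_uid}, expected {expected_uid}")
    for name in sorted(os.listdir(key_dir)):
        path = os.path.join(key_dir, name)
        if not os.path.isfile(path):
            continue
        with open(path, errors="replace") as fh:
            text = fh.read()
        if "PRIVATE KEY-----" not in text:
            continue  # not a PEM private key
        if not key_is_encrypted(text):
            # Without a passphrase, directory and file permissions are the
            # only thing between a local reader and the key.
            findings.append(f"{path}: private key has no passphrase")
    return findings
```

Run `audit_key_dir` as root against the real key directory; an empty list means the directory is 0700, root-owned, and every key in it is passphrase-protected.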




