On Thu, 25 Apr 2002, ANdrei wrote:

> let me give you a scenario that i want solved :)
>
> i have a webserver that needs to run apache with SSL (httpd -SSL, if i
> remember correctly), but the server is not considered to be secure
> enough to have an unencrypted key on it's hard drives... so the key is
> crypted, but then, again, apache is unable to start with SSL enabled if
> somebody doesn't enter the passphrase by hand... i'm talking about
> apache with mod-ssl, it's one of many big servers, and any minute of it
> not being up is a big pain in the ass, so starting apache on every
> server every time by entering the passphrase by hand is not what i am
> looking for... starting it from a script where the passphrase is plain
> text is also considered to be insecure for what i need....

Either your server has access to the key or it doesn't. If your server
has access to the key then someone who gets root on the box can get the
key. There is NO way around this.

If you think it's any improvement, you can have your script contact
another box for the passphrase, and that will mean you can at least log
the event reliably. It might still involve human entry of the passphrase,
but at least you can centralise that.

Andrew

To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]