On Thu, Aug 28, 2008 at 2:53 PM, Joseph S D Yao <[EMAIL PROTECTED]> wrote:
> On Thu, Aug 28, 2008 at 10:31:42AM -0300, Tan, Liao wrote:
>> Ok, ic I can simply remove the passphrase, and provided the new key be
>> readable by root only, I should not have any security problems... is it
>> simply remove it? or any other settings, configurations, re-installation?
>>
>
> It should not be owned by root, because you should not be running your
> server as root.  You should be running your servers as some other user,
> say, "apache", and so the uncloaked cert files should be stored as
> read-only by "apache".

root-owned private key sure sounds wiser to me.

> Why should nothing be owned by root?  Because then manipulating it must
> be done by root.

There are lots of files you don't want to be owned, or modifiable, by
non-root users.  This is a good thing.

-- 
Eric Covener
[EMAIL PROTECTED]
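
Added example, not part of the thread and not Apache project code: a shell check for the ownership question discussed above, assuming httpd is started as root so that the parent process reads the key before the worker processes switch to the unprivileged user. The function name `check_key_perms` and the sample path in the comment are hypothetical, and GNU coreutils `stat -c` is assumed.

```shell
#!/bin/sh
# check_key_perms FILE [EXPECTED_UID]   (hypothetical helper, added example)
# Prints one finding per line; returns 0 if the key file passes, 1 otherwise.
# Example call: check_key_perms /path/to/server.key      (path is a placeholder)
check_key_perms() {
    key=$1
    want_uid=${2:-0}                      # default owner: root (uid 0)
    rc=0

    # A symlink or missing file cannot be judged by its own mode bits.
    if [ -L "$key" ] || [ ! -f "$key" ]; then
        echo "FAIL $key: missing, a symlink, or not a regular file"
        return 1
    fi

    uid=$(stat -c %u "$key")              # numeric owner
    mode=$(stat -c %a "$key")             # octal mode, e.g. 600
    dir=$(dirname "$key")
    dmode=$(stat -c %a "$dir")

    if [ "$uid" != "$want_uid" ]; then
        echo "FAIL $key: owner uid $uid, expected $want_uid"
        rc=1
    fi
    # Any group/other bit exposes the unencrypted key to non-owners.
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL $key: mode $mode grants group/other access"
        rc=1
    fi
    # A group/other-writable directory lets others replace the key file.
    if [ $(( 0$dmode & 022 )) -ne 0 ]; then
        echo "FAIL $dir: mode $dmode is writable by group/other"
        rc=1
    fi

    if [ "$rc" -eq 0 ]; then
        echo "OK   $key: uid $uid mode $mode"
    fi
    return "$rc"
}

# When run as a script with arguments, check each named file against root.
if [ "$#" -gt 0 ]; then
    for f in "$@"; do
        check_key_perms "$f" || true
    done
fi
```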

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.