On Thu, Aug 28, 2008 at 2:53 PM, Joseph S D Yao <[EMAIL PROTECTED]> wrote: > On Thu, Aug 28, 2008 at 10:31:42AM -0300, Tan, Liao wrote: >> Ok, ic I can simply remove the passphrase, and provided the new key be >> readabale by root only, I should not have any security problems... is it >> simply remove it? or any other settings, configuratios, re-installation? >> > > It should not be owned by root, because you should not be running your > server as root. You should be running your servers as some other user, > say, "apache", and so the uncloaked cert files should be stored as > read-only by "apache".
root-owned private key sure sounds wiser to me. > Why should nothing be owned by root? Because then manipulating it must > be done by root. There are lots of files you don't want to be owned, or modifiable, by non-root users. This is a good thing. -- Eric Covener [EMAIL PROTECTED] --------------------------------------------------------------------- The official User-To-User support forum of the Apache HTTP Server Project. See <URL:http://httpd.apache.org/userslist.html> for more info. To unsubscribe, e-mail: [EMAIL PROTECTED] " from the digest: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
