m (→Set-up Secured Website: Typo fix) |
(→Create Self-Signed Certificate: Added "Remove Key PassPhrase") |
||
Line 42: | Line 42: | ||
##* EG <code> cp my-server.key /etc/apache2/ssl/</code> | ##* EG <code> cp my-server.key /etc/apache2/ssl/</code> | ||
##* EG <code> cp self-ca.crt /etc/apache2/ssl/</code> | ##* EG <code> cp self-ca.crt /etc/apache2/ssl/</code> | ||
=== Remove Key PassPhrase === | |||
The following removes a layer of security protection should your webserver be attacked. You should balance the increased risk of this against the improved usability (a common trade-off in the world of security). The server key will no longer be encrypted, which means it can be stolen and re-used to impersonate your server, opening you up to a [http://www.wikipedia.org/wiki/Man-in-the-middle_attack man in the middle attack]. | |||
# Create a backup of the server key | |||
#* EG <code> cp my-server.key my-server.key.pass </code> | |||
# Create an unencrypted version (you will be prompted for the passphrase) | |||
#* EG <code> openssl rsa -in server.key.org -out server.key </code> | |||
For further info, see http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#removepassphrase | |||
== Set-up Secured Website == | == Set-up Secured Website == |
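Review bot: the file names in the two new "Remove Key PassPhrase" steps do not match each other. The backup step copies my-server.key to my-server.key.pass, but the openssl step reads server.key.org and writes server.key, and the visible steps create neither of those files. Suggest <code>openssl rsa -in my-server.key.pass -out my-server.key</code> so the command reads the backup just made and replaces the key the rest of the page uses. The section is also inserted after the step that copies my-server.key into /etc/apache2/ssl/, so a reader following the steps in order is left with the passphrase-protected copy in place there. Either move this section before the copy steps or add a step to copy the unencrypted key again. Since the warning paragraph says the unencrypted key can be stolen, a step restricting read access on the resulting key file to root would fit here as well.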