Welcome to the Linux Foundation Forum!

Lesson 7: Httpd and SSL

In the slide entitled "Secure Sockets Layer", it is said there are some ways to keep the tls private key ciphered. Could someone elaborate what ways they may be talking about, precisely how would be handled a server restart / reboot?
Thanks

Answers

  • k0dard
    k0dard Posts: 115

    Hello effectidev,

    Check out this link:
    https://httpd.apache.org/docs/2.4/ssl/ssl_faq.html

    Section "Is there a difference on startup between a non-SSL-aware Apache and an SSL-aware Apache?" answers your question.

    In short, if you encrypt your SSL key Apache won't be able to start after server reboot because you need to enter the passphrase (to decrypt the key) manually...

  • Thank you for your answer K0dard. The wording of the lesson let me think there would be a magic way to proceed in fully automated environments. But it seems no, and a human intervention is mandatory. Thank you for your confirming.

Categories

Upcoming Training