fre 2006-04-21 klockan 09:43 -0400 skrev DGeorgie@wiley.com:
> Thank you for the advice Vince. I received before similar advice from
> Henrik Nordstrom and already tested the https_port directive with Apache.
> It worked really easy.
> The only thing that missed is Squid's capability to provide pass phrase
> for the private encrypted key at the start up. Apache does that.
See the SSL update patch or Squid-3.. it allows you to specify a
program supplying the key encryption password.
Or alternatively start Squid in the foreground with the -N option.
Please note that having the pass phrase in the config file or similar
more or less equals to have the key unencrypted on disk. There is only a
security benefit in storing the key encrypted if the admin is somehow
queried for the password on startup.
Regards
Henrik
This archive was generated by hypermail pre-2.1.9 : Mon May 01 2006 - 12:00:02 MDT