Red Hat LINUX 7.2 - OFFICIAL LINUX CUSTOMIZATION GUIDE Manual page 164

164
You will need to remember and enter this password every time you start your
secure Web server, so do not forget it.
You will be asked to re-type the password, to verify that it is correct. Once you have typed it in
correctly, a file called server.key, containing your key, will be created.
Note that if you do not want to type in a password every time you start your secure Web server, you
will need to use the following two commands instead of make genkey to create the key. Both of
these commands should be typed in entirely on one line.
Use the following command:
/usr/bin/openssl genrsa 1024 > /etc/httpd/conf/ssl.key/server.key
to create your key. Then use this command:
chmod go-rwx /etc/httpd/conf/ssl.key/server.key
to make sure that the permissions are set correctly on your key.
After you use the above commands to create your key, you will not need to use a password to start
your secure Web server.
Disabling the password feature for your secure Web server is a security risk.
We DO NOT recommend that you disable the password feature for your se-
cure Web server.
The problems associated with not using a password are directly related to the security maintained on
the host machine. For example, if an unscrupulous individual compromises the regular UNIX security
on the host machine, that person could obtain your private key (the contents of your server.key
file). The key could be used to serve Web pages that will appear to be from your Web server.
If UNIX security practices are rigorously maintained on the host computer (all operating system
patches and updates are installed as soon as they are available, no unnecessary or risky services are
operating, and so on), the secure Web server's password may seem unnecessary. However, since your
secure Web server should not need to be re-booted very often, the extra security provided by entering
a password is a worthwhile effort in most cases.
Chapter 15:Apache Secure Server Configuration
Note
CAUTION