Hi!
I have been running a web server (Ubuntu 10.10/Apache) for the past few months. I now want to offer HTTPS. I don't mind if it being self signed because the people that use the server are very tech knowledgeable and I will tell them that the cert is self signed. I have set up HTTPS cert with a passphrase and everything works, but where the server is located there are some power outages. I need the server to start when the power is restored along with Apache. This will not happen when there is a passphrase on the cert. I was about to generate a new one with out a passphrase when I read this:
(https://help.ubuntu.com/8.04/serverg...-security.html)Code:You can also run your secure service without a passphrase. This is convenient because you will not need to enter the passphrase every time you start your secure service. But it is highly insecure and a compromise of the key means a compromise of the server as well.
If I decide to run the server with HTTPS with out a passphrase how is my server insecure? Would it be better to not use HTTPS or use HTTPS with out a passphrase?
Thanks!
Carlos
Bookmarks