[oclug] Webservers and SSL certificates
Mark
msalists at gmx.net
Tue Feb 15 21:46:27 EST 2005
Hi,
I have a quick question about webservers and SSL certificates:
I use apache on a bunch of servers (both version 1 and 2).
At the moment I have only one domain that has a SSL certificate. The private key is password-protected, so I have to enter the
password everytime the server gets started. Restart works without re-entering the password (luckily).
Now I am about to get some more certificates for some other domains.
The question is, should I first generate a new private key for each of them, or can I use the same one?
Also, if I have a whole bunch of SSL domains that password protected certificates, do I have to enter the password for each of them
at startup? I guess that would be a string argument against password-protecting them.
Is there any general common-sense or best-practise how to handle this?
Lastly, what is the challenge password in the CSR used for?
Do people usually use this or leave it empty?
Thanks,
MARK
More information about the OCLUG
mailing list