[oclug] Webservers and SSL certificates
msalists at gmx.net
Tue Feb 15 21:46:27 EST 2005
I have a quick question about webservers and SSL certificates:
I use apache on a bunch of servers (both version 1 and 2).
At the moment I have only one domain that has a SSL certificate. The private key is password-protected, so I have to enter the
password everytime the server gets started. Restart works without re-entering the password (luckily).
Now I am about to get some more certificates for some other domains.
The question is, should I first generate a new private key for each of them, or can I use the same one?
Also, if I have a whole bunch of SSL domains that password protected certificates, do I have to enter the password for each of them
at startup? I guess that would be a string argument against password-protecting them.
Is there any general common-sense or best-practise how to handle this?
Lastly, what is the challenge password in the CSR used for?
Do people usually use this or leave it empty?
More information about the OCLUG