On Mon, 1 Jun 1998, Brian Tao wrote:
>
> 1. Can I keep just a single server private key, and generate
> certificate requests for all the virtual servers off that one key?
> Is there a benefit to having a separate key for each customer? How
> about sharing a key across multiple physical servers?
>
> 2. Is there a way to get around having to re-enter the private key
> passphrase on every restart/reload? Netscape ES 3.5.1 gets around
> this by having a watchdog program re-input the passphrases. It sounds
> rather kludgy to me... should I simply use a key without a passphrase,
> and try not to lose too much sleep over it?

I should qualify these two requirements. I already have several
physical servers running hundreds of sites already. Rather than
dedicating a server just for Apache-SSL (which would require another
IP address and a unique hostname), I would like any server to be
capable of SSL.

Cron jobs detect changes to the httpd.conf and initiate graceful
restarts as necessary. Manual input of a server key passphrase is
thus not an option. These restarts can happen at any time of the day
or night, typically several times per day per server.

--
Brian Tao (BT300, taob@risc.org)
"Though this be madness, yet there is method in't"