- Posted On July 31, 2012
- Written By Masen Marshall
If you’ve ever uploaded a private key file to a Linux server and put it in a directory like
And included it in your Apache virtual host configuration with something like:
Then you might be missing an important step.
Apache reads SSL private key files as root before it drops its privileges, so the correct private key permissions are 600; the key doesn’t need to be world-readable. It is therefore a security oversight to leave your private key with permissions that allow read, write or execute access to any user other than root.
You’ll want to set the permissions on the key with chmod, like so:
chmod 600 /etc/pki/tls/certs/mydomain.com.crt
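
To find keys that still have loose permissions, the following added example (not part of the original post) reads the `SSLCertificateKeyFile` directives from a virtual host configuration file and flags every key that group or other users can access. It assumes GNU `stat` and key paths without spaces; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the permissions of private keys that an Apache
# virtual host configuration refers to. Assumes GNU stat (Linux).

# Print the octal permission bits of a file, e.g. 600 or 644.
file_mode() {
    stat -c '%a' "$1"
}

# Succeed only if neither group nor other has any permission bit set.
key_mode_ok() {
    mode=$(file_mode "$1") || return 2
    case "$mode" in
        *00|0) return 0 ;;   # group and other digits are both 0
        *)     return 1 ;;
    esac
}

# List the paths named by SSLCertificateKeyFile directives in a config file.
# Directive names are case-insensitive; commented-out lines do not match
# because their first field starts with '#'. Surrounding quotes are stripped.
list_key_files() {
    awk 'tolower($1) == "sslcertificatekeyfile" { gsub(/"/, "", $2); print $2 }' "$1"
}

# Print one line per key that is missing or too permissive.
# Returns 1 if any problem was found, 0 otherwise.
audit_keys() {
    bad=0
    for key in $(list_key_files "$1"); do
        if [ ! -e "$key" ]; then
            echo "MISSING $key"
            bad=1
        elif ! key_mode_ok "$key"; then
            echo "INSECURE $(file_mode "$key") $key"
            bad=1
        fi
    done
    return $bad
}

# Usage (placeholder path): audit_keys /path/to/vhost.conf
```

Run it as root so that `stat` can reach keys in directories other users cannot traverse. The script checks only the permission bits, so confirm separately that each key is owned by root.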