SSL Private Key Permissions on Linux

If you’ve ever uploaded a private key file to a Linux server and put it in a directory like

/etc/pki/tls/certs

and included it in your Apache virtual host configuration with something like:

SSLCertificateFile /etc/pki/tls/certs/mydomain.com.crt

Then you might be missing an important step.

Apache actually reads SSL private key files as root before it drops its privileges, so the correct private key permissions are 600: the key does not need to be world readable. It is therefore a security oversight to have your private key permissions set to anything that allows read, write or execute access from any user other than root.

You’ll want to chmod the key so that only its owner (root) can read or write it, like so:

chmod 600 /etc/pki/tls/certs/mydomain.com.crt
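As an added example (not part of the original post, and not Apache's own tooling), a small POSIX shell script that audits a key directory for files whose group/other permission bits are set, warns when the owner is not root, and tightens the mode to 600 as the post describes. The directory path, the default *.key glob and the function names are assumptions.

```shell
#!/bin/sh
# Audit private key files whose permissions allow access by anyone other
# than the owner, and tighten them to 0600. Constructed example; the
# directory, the *.key glob and the function names are assumptions.

# key_mode_ok FILE: succeed only if the group and other bits are all clear
# (0600, 0400, ...). Compares the last two octal digits from stat as a
# string so a leading setuid/setgid digit cannot confuse the check.
key_mode_ok() {
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    go_bits=${mode#"${mode%??}"}   # last two digits = group + other
    [ "$go_bits" = "00" ]
}

# key_owner_ok FILE: succeed if root owns the file. Apache reads the key
# as root before dropping privileges, so no other owner needs access.
key_owner_ok() {
    [ "$(stat -c '%U' "$1" 2>/dev/null)" = "root" ]
}

# fix_key_perms FILE: apply the mode the post recommends.
fix_key_perms() {
    chmod 600 "$1"
}

# audit_keys DIR [GLOB]: report every matching file that fails a check.
# Returns 1 if any file had loose mode bits, 0 otherwise. Ownership
# problems are only reported because chmod alone cannot fix them.
audit_keys() {
    rc=0
    for f in "$1"/${2:-*.key}; do
        [ -f "$f" ] || continue
        if ! key_mode_ok "$f"; then
            echo "LOOSE  $(stat -c '%a %U' "$f")  $f  (fix: chmod 600 $f)"
            rc=1
        fi
        key_owner_ok "$f" || echo "OWNER  not owned by root: $f"
    done
    return $rc
}

# Usage: sh audit-keys.sh /etc/pki/tls/certs ['*.crt']
if [ "$#" -ge 1 ]; then
    audit_keys "$@" || exit 1
fi
```

Pass a second argument such as '*.crt' to audit the file name the post uses instead of the *.key default.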