Ping a Specific Port

Question

JP19

Asked: 2010-12-28 09:53:48 +0800 CST2010-12-28 09:53:48 +0800 CST 2010-12-28 09:53:48 +0800 CST

What Should be the Permissions of Apache SSL Directory, Certificate, and Key?

I have my cert.pem and cert.key files in /etc/apache2/ssl folders.

What would be the most secure permissions and ownership of:

(Ensuring https:// access works of course :).

Thanks,

JP

Mike Scott · Answer 1 · 2010-12-28T09:59:08+08:00

Best Answer

Mike Scott

The directory permissions should be 700, the file permissions on all the files should be 600, and the directory and files should be owned by root.

simhumileco · Answer 2 · 2019-04-05T15:03:40+08:00

simhumileco

The most important is to make sure the *.key files are only readable by root (SSL/TLS Strong Encryption: FAQ).

My experience is that it could be realized also to other files of the certificates (like *.crt for example).

So we should set the root as the only one owner of the directory and its files:

$ chown -R root:root /etc/apache2/ssl

And we can set the most restrictive permissions for this localization:

$ chmod -R 000 /etc/apache2/ssl

In some particular case, the localization can be different of course.