[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#512778: Info on file permissions on ssl certificates



Subject: Info on file permissions on ssl certificates
Package: apache2.2-common
Version: 2.2.9-10+lenny2
Severity: wishlist


Dear Debian folks,


thank you for packaging Apache HTTP server and for the nice
README.Debian file.

Could you please elaborate on the SSL part.

I used make-ssl-cert from the ssl-cert package as described. But one
thing is not clear for me.

The snakeoil key file is stored under /etc/ssl/private/ which is only
readable by root. The pem-file is readable by everyone.

$ ls -l /etc/ssl/certs/ssl-cert-snakeoil.pem 
-rw-r--r-- 1 root root 631 2009-01-21 19:14 /etc/ssl/certs/ssl-cert-snakeoil.pem

1st question. Is there also a *.crt file created by default as the other
files seem to be symlinks to crt-files (ca-certificates)? If not, why
not?

2nd question. When I create another certificate for a different host
name, a crt file is stored somewhere. Is there a location recommended by
the FHS? /etc/?

3rd question. The created file is readable and writable by root only. I
tried it out and it worked, but how can it be read by www-data the user
for running apache?


Thanks a lot,

Paul

Attachment: signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil


Reply to: