location of server certificates
Hello all
I have an Apache webserver and I want to enable it to serve contents
over https. In order to understand the entire workflow of certificate
management and how https works I have created my own CA. Essentially
I have generated a self signed certificate for my CA and installed
in my browser as a truested CA. Next I have generated a certificate for
the server and signed it with the private key of the CA.
Now I am ready to install the server certificate on the machine where
Apache runs.
Here is my question: Where will the certificate be placed in the filesystem?
Is there any recomended location?
The information I can find on the internet about this issue is not
convincing. Let me explain why:
- some people mention /etc/ssl/certs as the appropriate location
Isn't this folder used for Trusted CAs instead of server
certificates? Another objection about this location: isn't this
location managed by update-ca-certificates?
- some pages tell you to create a folder "localcerts" under
/etc/ssl/
Why create it here? The entire /etc/ssl/ is managed by the os sofware.
Why should I interfere with the OS software?
- other pages do not specify any prefered location (e.g. the Apache
documentation)
- other pages say to no store the certificate inside the Apache configuration
folder /etc/apache2 because the certificate is not something which is
related to Apache. This advice seems right, because some day I can replace
Apache with another server. But where to place it?
Thank you
Cristian
Reply to: