What Should be the Permissions of Apache SSL Directory, Certificate, and Key?
The directory permissions should be 700, the file permissions on all the files should be 600, and the directory and files should be owned by root.
Author by
Will
Software and Infrastructure Architect; specializing in Python, PHP, Java, Shell Scripting, Linux/UNIX administration, Scientific Computing and Big Data, Scaling, High-Availability, and Security, among others.
Updated on September 17, 2022
Comments
-
Will over 1 year
I have my cert.pem and cert.key files in /etc/apache2/ssl folders.
What would be the most secure permissions and ownership of:
/etc/apache2/ssl directory
/etc/apache2/ssl/cert.pem file
/etc/apache2/ssl/cert.key file
(Ensuring https:// access works of course :).
Thanks,
JP
-
Admin over 13 years
Thanks. This works. One thing - I guess the files only need to be read by root that starts the apache daemon. Why do we need to give "write" permissions to the file?
-
Mike Scott over 13 years
The files will need updating periodically, as your certificates expire and need to be renewed, and since there's no real security risk in making them writeable it makes life slightly simpler. They don't need to be readable for day-to-day use, so you can use 400 permissions (and 500 on the directory) if you don't mind having to fiddle with them at renewal time.
-
Admin over 10 years
It should be noted that the official Apache Docs do not agree with Mike's original suggestions about SSL and go with his second suggestion here in the comments.
-
John Bachir about 9 years
What should the owner be?
-
user9 over 7 years
Where did you find the "official Apache Docs" about SSL?
-
txyoji almost 6 years
It's mentioned one time here in the SSL FAQ. httpd.apache.org/docs/2.4/ssl/ssl_faq.html#removepassphrase
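
One way to check a directory against the advice in this thread, as an added example that is not part of the original answer or comments. The hypothetical function audit_tls_dir flags anything in the directory that is not owned by the expected owner or that grants group or other access, so both the 700/600 and the 500/400 variants pass; it assumes GNU stat (Linux).

```shell
#!/bin/sh
# Added example (not from the original thread). Assumes GNU stat (Linux).
# audit_tls_dir DIR [OWNER]: OWNER defaults to root.
# Prints one finding per line; exit status 0 = clean, 1 = findings.
audit_tls_dir() (
    dir=$1
    owner=${2:-root}
    bad=0

    [ -d "$dir" ] || { echo "MISSING $dir is not a directory"; exit 1; }

    # Check the directory itself and every entry directly inside it.
    for path in "$dir" "$dir"/* "$dir"/.[!.]*; do
        [ -e "$path" ] || continue      # unmatched glob or dangling link
        [ -L "$path" ] && continue      # symlinks carry no mode of their own

        mode=$(stat -c '%a' "$path")    # octal mode, e.g. 600
        who=$(stat -c '%U' "$path")     # owner name

        if [ "$who" != "$owner" ]; then
            echo "OWNER $path is owned by $who, expected $owner"
            bad=1
        fi
        # 700/600 and 500/400 both pass: neither has a group or other bit.
        if [ $(( 0$mode & 077 )) -ne 0 ]; then
            echo "MODE $path is $mode, expected no group/other access"
            bad=1
        fi
    done

    exit "$bad"   # the function body is a subshell, so this only ends the audit
)
```

Run it as root, for example `audit_tls_dir /etc/apache2/ssl`, since an unprivileged user cannot list a correctly locked-down directory.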