What Should be the Permissions of Apache SSL Directory, Certificate, and Key?


The directory permissions should be 700, the file permissions on all the files should be 600, and the directory and files should be owned by root.
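An audit of the directory against the modes given in the answer above, as an added example that is not part of the original answer. The function names are hypothetical, GNU `stat` is assumed, and 700/600 are treated as upper bounds so that the stricter 500/400 mentioned in the comments also passes:

```shell
# Added example: audit a TLS directory for owner and maximum permission bits.
# Assumes GNU coreutils stat (Linux). Function names are illustrative only.
# Usage (as root): audit_ssl_dir /etc/apache2/ssl

# check_one PATH MAX_MODE OWNER
# Fails if PATH is not owned by OWNER or has any permission bit outside MAX_MODE.
check_one() {
    path=$1; max=$2; owner=$3
    actual_owner=$(stat -c '%U' "$path") || return 1
    actual_mode=$(stat -c '%a' "$path") || return 1
    rc=0
    if [ "$actual_owner" != "$owner" ]; then
        echo "FAIL $path: owner $actual_owner, expected $owner"; rc=1
    fi
    # Bits present in the actual mode that the maximum mode does not allow.
    extra=$(( 0$actual_mode & ~0$max & 07777 ))
    if [ "$extra" -ne 0 ]; then
        echo "FAIL $path: mode $actual_mode exceeds $max"; rc=1
    fi
    return $rc
}

# audit_ssl_dir DIR [OWNER]
# The directory may be at most 700 and every regular file in it at most 600.
audit_ssl_dir() {
    dir=$1; owner=${2:-root}
    status=0
    check_one "$dir" 700 "$owner" || status=1
    for f in "$dir"/*; do
        [ -e "$f" ] || continue
        if [ -f "$f" ] && [ ! -L "$f" ]; then
            check_one "$f" 600 "$owner" || status=1
        else
            echo "SKIP $f: not a regular file, inspect by hand"
        fi
    done
    return $status
}
```

Run it as root, since a correctly locked-down directory cannot be listed by any other user.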

Author by

Will

Software and Infrastructure Architect; specializing in Python, PHP, Java, Shell Scripting, Linux/UNIX administration, Scientific Computing and Big Data, Scaling, High-Availability, and Security, among others.

Updated on September 17, 2022

Comments

  • Will
    Will over 1 year

    I have my cert.pem and cert.key files in /etc/apache2/ssl folders.

    What would be the most secure permissions and ownership of:

    1. /etc/apache2/ssl directory

    2. /etc/apache2/ssl/cert.pem file

    3. /etc/apache2/ssl/cert.key file

    (Ensuring https:// access works of course :).

    Thanks,

    JP

  • Admin
    Admin over 13 years
    Thanks. This works. One thing - I guess the files only need to be read by root that starts the apache daemon. Why do we need to give "write" permissions to the file?
  • Mike Scott
    Mike Scott over 13 years
    The files will need updating periodically, as your certificates expire and need to be renewed, and since there's no real security risk in making them writeable it makes life slightly simpler. They don't need to be readable for day-to-day use, so you can use 400 permissions (and 500 on the directory) if you don't mind having to fiddle with them at renewal time.
  • Admin
    Admin over 10 years
    It should be noted that the official Apache Docs do not agree with Mike's original suggestions about SSL and go with his second suggestion here in the comments.
  • John Bachir
    John Bachir about 9 years
    What should the owner be?
  • user9
    user9 over 7 years
    Where did you find the "official Apache Docs" about SSL?
  • txyoji
    txyoji almost 6 years
    It's mentioned one time here in the SSL FAQ: httpd.apache.org/docs/2.4/ssl/ssl_faq.html#removepassphrase