[openssl-users] Permission denied while creating the key
Jakob Bohm
jb-openssl at wisemo.com
Fri Apr 10 11:47:03 UTC 2015
On 10/04/2015 13:06, Sudhakar.Shanmugam wrote:
>
> I’m facing below error while creating the private key, has anyone
> encountered this error?
>
> mftlx1001[/opt/mft/shared/software]> openssl genrsa -out mfra.key 2048
> -config openssl.cnf
>
> mfra.key: Permission denied
>
> 32096:error:0200100D:system library:fopen:Permission
> denied:bss_file.c:352:fopen('mfra.key','w')
>
> 32096:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:354:
>
>
You are trying to save the secret key in
/opt/mft/shared/software/mfra.key
You are not running as root (this is GOOD!).
You are not supposed to (and not allowed to) put the key
file there, because that directory is only supposed to
contain software AND because everybody else can read that
directory.
You should put the key in a directory where only you have
access, and where you do have write access.
For example
[/home/Sudhakar.Shanmugam/secrets]>chmod 0700 .
[/home/Sudhakar.Shanmugam/secrets]>umask 077
[/home/Sudhakar.Shanmugam/secrets]>/opt/mft/shared/software/openssl
genrsa -out mfra.key 2048 -config /opt/mft/shared/software/openssl.cnf
Please try not to get hacked.
Enjoy
Jakob
--
Jakob Bohm, CIO, Partner, WiseMo A/S. http://www.wisemo.com
Transformervej 29, 2860 Søborg, Denmark. Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded
More information about the openssl-users
mailing list