[openssl-users] File permissions on keys, csr, and certificates

Peter Magnusson blaufish.public.email at gmail.com
Wed Nov 14 14:40:19 UTC 2018

root:root, chmod 400. And ideally your Root CA files should not be
hosted on your web server, otherwise a server compromise also
compromises your root authority.

Be careful to keep your .pem file private! Lighttpd reads all pemfiles
at startup, before dropping privileges. It is therefore best to make
the pem file owned by root and readable by root only:
$ chown root:root /etc/lighttpd/ssl/example.org.pem
$ chmod 400 /etc/lighttpd/ssl/example.org.pem
On Fri, Nov 9, 2018 at 10:04 PM Ikwyl6 via openssl-users
<openssl-users at openssl.org> wrote:
> Hi - I created a question on Super User about questions on file permissions and what the file permissions should be on created files. See link here:
> https://superuser.com/questions/1368747/file-permissions-for-openssl-created-files-for-https-web-server-lighttpd
> Could someone comment on what file permissions should be on each file and who should own them.
> Thank you.
> --
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users

More information about the openssl-users mailing list