...


/etc/ssl/private/ # Standard location for the private keys; only viewable by root.
/etc/ssl/certs/ # Standard location for CA keys.

...

Storing CA Certificates

If the CA certificates did not exist on the server, we would need to store them ourselves in the publicly viewable folder,

Note

Ubuntu is very good at keeping an updated list of recognized and certified CAs. I recommend letting the OS manage this and skipping to the next section, Storing Public and Private Keys.

Code Block
languagebash
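# Make root the owner of the CA certificate files, then move them into the public folder
sudo chown root:root *.pem *.crt
sudo mv *.pem /etc/ssl/certs
sudo mv *.crt /etc/ssl/certs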
Warning

I noticed that this folder actually contains symbolic links generally to /usr/share/ca-certificates/.

I also believe the symbolic links are generated by the command sudo dpkg-reconfigure ca-certificates.

There is also an entry in /etc/apache2/sites-available/default-ssl that reads,

"update the hash symlinks after changes"

Why is this done this way? I do not know. I am guessing that this is for having multiple applications trust the cert store. Still need to research this more.

Storing Public and Private Keys

Store the public key in the public folder,

Code Block
languagebash
sudo chown root:root www.earth.com.crt
sudo mv www.earth.com.crt /etc/ssl/certs
Note

The above chown root:root command ensures the signed public key is protected. Also, if you are using a user other than root to start Apache, then adjust the file ownership accordingly.

Store the private key into the protected folder,

...
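
The ownership and permission layout described on this page can be verified with a short script. This is an added example, not part of the original page: the function names are hypothetical, it assumes GNU stat as shipped on Ubuntu, and the demo uses constructed temporary files with their current owner standing in for root.

```bash
# Added example (not from the original page). Assumes GNU stat (Ubuntu).
# All function names are hypothetical.

# check_perms PATH OWNER MASK: succeed only if PATH is owned by OWNER and
# none of the permission bits in the octal MASK are set.
check_perms() {
    local path="$1" owner="$2" mask="$3" actual mode
    [ -e "$path" ] || { echo "MISSING $path"; return 2; }
    actual=$(stat -c '%U' "$path")
    mode=$(stat -c '%a' "$path")
    if [ "$actual" != "$owner" ]; then
        echo "FAIL $path: owned by $actual, expected $owner"; return 1
    fi
    if [ $(( 0$mode & 0$mask )) -ne 0 ]; then
        echo "FAIL $path: mode $mode sets forbidden bits (mask $mask)"; return 1
    fi
    echo "OK   $path ($actual, $mode)"
}

# Private key: no access at all for group or other (for example 600 or 400).
check_private_key() { check_perms "$1" "${2:-root}" 077; }

# Signed certificate: world-readable is fine, but only the owner may write.
check_public_cert() { check_perms "$1" "${2:-root}" 022; }

# Constructed demo: throwaway files stand in for the real key and certificate,
# and the owner of the temp directory stands in for root so it runs unprivileged.
demo() {
    local d me
    d=$(mktemp -d)
    me=$(stat -c '%U' "$d")
    touch "$d/site.key" "$d/site.crt"
    chmod 644 "$d/site.key" "$d/site.crt"
    check_public_cert "$d/site.crt" "$me"
    check_private_key "$d/site.key" "$me" || true   # reported: key is world-readable
    chmod 600 "$d/site.key"
    check_private_key "$d/site.key" "$me"           # passes after tightening the mode
    rm -rf "$d"
}

demo
```

On a real server, omit the second argument so the expected owner defaults to root, for example `check_public_cert /etc/ssl/certs/www.earth.com.crt`.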