...

Code Block
languagebash
ls -al /etc/ssl/
total 44
drwxr-xr-x  4 root root      4096 2011-04-07 10:15 .
drwxr-xr-x 71 root root      4096 2011-06-08 14:22 ..
drwxr-xr-x  2 root root     20480 2011-06-21 11:41 certs
-rw-r--r--  1 root root      9374 2010-10-06 20:51 openssl.cnf
drwx--x---  2 root ssl-cert  4096 2011-06-13 20:59 private

Store the private key into the protected folder,

Code Block
languagebash
sudo cp www.earth.com_server.key /etc/ssl/private/
sudo chmod 640 /etc/ssl/private/www.earth.com_server.key # Secure the file



Panel

If you opt to use your own private folder, make sure to set the same permissions

...

as /etc/ssl/private/

Code Block
languagebash
sudo chown -R root:ssl-cert /opt/apache/httpd/ssl/private/ # Make the user starting Apache the owner, in this case it is root. Applies to the folder itself and its contents.
sudo chmod 710 /opt/apache/httpd/ssl/private/ # Same mode as /etc/ssl/private/ (drwx--x---)

Again, I will stress that this is very important!

Info

The ssl-cert group is a special group to make it easy for other processes to use certs.

Note

Why does the server key need both read and write (640) for the owner?

I'm not sure actually, but I have found that not giving write permission appeared to result in me not being able to properly reload Apache.

Honestly, there were other factors so I'm not sure if write permission actually solved my issue. It worked, and I have not had the time to investigate this thoroughly. Let me know if you find otherwise.
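
A check of the permissions set in the steps above, as an added example that is not part of the original page. The function name `audit_key_dir` is hypothetical, it assumes GNU `stat`, and it treats any permission bit beyond 710 on the folder or 640 on a key file as a failure.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit a private-key folder
# against the modes shown for /etc/ssl/private/ (folder 710, key files 640).
# Assumes GNU stat (coreutils). Use sudo when the folder is root-owned.
#
# Usage: audit_key_dir DIR [OWNER:GROUP]
#   e.g. sudo bash -c '. ./audit.sh; audit_key_dir /etc/ssl/private root:ssl-cert'
audit_key_dir() {
    local dir=$1
    local want=${2:-}
    local rc=0 mode owner f

    [ -d "$dir" ] || { echo "FAIL $dir: not a directory"; return 2; }

    # Folder: flag any permission bit beyond rwx--x--- (0710).
    mode=$(stat -c '%a' "$dir")
    if [ $(( 0$mode & 07777 & ~0710 )) -ne 0 ]; then
        echo "FAIL $dir: mode $mode grants more than 710"; rc=1
    fi
    owner=$(stat -c '%U:%G' "$dir")
    if [ -n "$want" ] && [ "$owner" != "$want" ]; then
        echo "FAIL $dir: owned by $owner, expected $want"; rc=1
    fi

    # Key files: flag any bit beyond rw-r----- (0640), e.g. a world-readable 644.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        mode=$(stat -c '%a' "$f")
        if [ $(( 0$mode & 07777 & ~0640 )) -ne 0 ]; then
            echo "FAIL $f: mode $mode grants more than 640"; rc=1
        fi
        owner=$(stat -c '%U:%G' "$f")
        if [ -n "$want" ] && [ "$owner" != "$want" ]; then
            echo "FAIL $f: owned by $owner, expected $want"; rc=1
        fi
    done

    [ "$rc" -eq 0 ] && echo "OK $dir"
    return "$rc"
}
```

A key file set to 600 or 400 also passes, since the check only rejects access beyond what 640 grants.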

Next, Apache needs to be set up.

...