...
```
ls -al /etc/ssl/
total 44
drwxr-xr-x  4 root root      4096 2011-04-07 10:15 .
drwxr-xr-x 71 root root      4096 2011-06-08 14:22 ..
drwxr-xr-x  2 root root     20480 2011-06-21 11:41 certs
-rw-r--r--  1 root root      9374 2010-10-06 20:51 openssl.cnf
drwx--x---  2 root ssl-cert  4096 2011-06-13 20:59 private
```
Store the private key in the protected folder:

```
sudo cp www.earth.com_server.key /etc/ssl/private/
sudo chmod 640 /etc/ssl/private/www.earth.com_server.key # Secure the file
```
Panel |
---|
If you opt to use your own private folder, make sure to set the same permissions |
...
as /etc/ssl/private/
Again, I will stress that this is very important! |
Info |
---|
The ssl-cert group is a special group to make it easy for other processes to use certs. |
Note |
---|
Why does the server key need both read and write (640) for the owner? I'm not sure actually, but I have found that not giving write permission appeared to result in me not being able to properly reload Apache. Honestly, there were other factors so I'm not sure if write permission actually solved my issue. It worked, and I have not had the time to investigate this thoroughly. Let me know if you find otherwise. |
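
The permission requirements above can be checked mechanically. The following is an added shell example, not part of the original page: it verifies that a key file grants nothing beyond 640 and that a custom private folder has the same mode, owner and group as /etc/ssl/private/. The function names are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example (not from the original page). Assumes GNU stat (coreutils).
# Function names are hypothetical; paths are the ones used on this page.

# Print "mode owner group" for a path, e.g. "710 root ssl-cert".
perm_triplet() {
    stat -c '%a %U %G' -- "$1"
}

# Succeed only if TARGET ($2) has the same mode, owner and group as REFERENCE ($1).
same_perms() {
    local ref target
    ref=$(perm_triplet "$1") || return 2
    target=$(perm_triplet "$2") || return 2
    [ "$ref" = "$target" ]
}

# Succeed only if FILE ($1) grants no permission bit outside LIMIT ($2, octal, default 640).
mode_within() {
    local mode limit
    limit="${2:-640}"
    mode=$(stat -c '%a' -- "$1") || return 2
    # A leading 0 makes the shell read both values as octal.
    [ $(( 0$mode & ~0$limit )) -eq 0 ]
}

# Audit a key file ($1) and the folder holding it against a reference folder ($2).
audit_key() {
    local key ref_dir dir rc
    key="$1"; ref_dir="${2:-/etc/ssl/private}"; rc=0
    dir=$(dirname -- "$key")
    if ! mode_within "$key" 640; then
        echo "FAIL: $key is more permissive than 640: $(perm_triplet "$key")"
        rc=1
    fi
    # Only a custom folder needs comparing with the reference folder.
    if [ "$dir" != "$ref_dir" ] && ! same_perms "$ref_dir" "$dir"; then
        echo "FAIL: $dir differs from $ref_dir: $(perm_triplet "$dir")"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK: $key"; fi
    return "$rc"
}
```

Reading the attributes of a file inside /etc/ssl/private/ needs search permission on that folder, so call `audit_key` via sudo or as a member of the ssl-cert group.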
Next, Apache needs to be set up.
...