65

I have my cert.pem and cert.key files in /etc/apache2/ssl folders.

What would be the most secure permissions and ownership of:

  1. /etc/apache2/ssl directory

  2. /etc/apache2/ssl/cert.pem file

  3. /etc/apache2/ssl/cert.key file

(Ensuring https:// access works of course :).

Thanks,

JP

Will
  • 1,157

2 Answers

85

The directory permissions should be 700, the file permissions on all the files should be 600, and the directory and files should be owned by root.

Mike Scott
  • 8,228
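A read-only audit of the values given in the answer above (700 on the directory, 600 on the files, everything owned by root), as an added example that is not part of the original answer. It assumes GNU `stat`; `check_path` and `audit_tls_dir` are hypothetical helper names, and the optional owner argument exists only so the check can be tried on a test directory not owned by root.

```shell
#!/bin/sh
# Added example: report deviations from 700/600/root under a TLS key directory.
# Assumes GNU coreutils stat (-c); run as root so a 700 directory can be listed.

# check_path PATH WANT_MODE OWNER -> prints findings, returns 1 if any
check_path() {
    actual=$(stat -c '%a %U' "$1") || return 1
    mode=${actual%% *}
    user=${actual#* }
    rc=0
    if [ "$mode" != "$2" ]; then
        echo "FAIL $1: mode $mode, expected $2"
        rc=1
    fi
    if [ "$user" != "$3" ]; then
        echo "FAIL $1: owner $user, expected $3"
        rc=1
    fi
    return "$rc"
}

# audit_tls_dir DIR [OWNER] -> returns 0 only if DIR and every entry comply
audit_tls_dir() {
    dir=$1
    owner=${2:-root}
    status=0
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "FAIL $dir: not a real directory"
        return 1
    fi
    check_path "$dir" 700 "$owner" || status=1
    for f in "$dir"/* "$dir"/.[!.]*; do
        [ -e "$f" ] || [ -L "$f" ] || continue      # unmatched glob pattern
        if [ -L "$f" ] || [ ! -f "$f" ]; then
            echo "FAIL $f: not a regular file"       # symlinks, subdirs, etc.
            status=1
            continue
        fi
        check_path "$f" 600 "$owner" || status=1
    done
    return "$status"
}

# Stand-alone use: sh audit.sh /etc/apache2/ssl
if [ "$#" -gt 0 ]; then audit_tls_dir "$@"; fi
```

Apache reads the key as root at startup before dropping privileges, which is why these modes do not break https:// access.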
0

The most important thing is to make sure the *.key files are only readable by root (SSL/TLS Strong Encryption: FAQ).

In my experience, this can also be applied to the other certificate files (*.crt, for example).

So we should set root as the sole owner of the directory and its files:

$ chown -R root:root /etc/apache2/ssl

And we can set the most restrictive permissions for this location:

$ chmod -R 000 /etc/apache2/ssl

In some particular cases, the location can be different, of course.