Subject: Info on file permissions on ssl certificates Package: apache2.2-common Version: 2.2.9-10+lenny2 Severity: wishlist
Dear Debian folks, thank you for packaging Apache HTTP server and for the nice README.Debian file. Could you please elaborate on the SSL part. I used make-ssl-cert from the ssl-cert package as described. But one thing is not clear for me. The snakeoil key file is stored under /etc/ssl/private/ which is only readable by root. The pem-file is readable by everyone. $ ls -l /etc/ssl/certs/ssl-cert-snakeoil.pem -rw-r--r-- 1 root root 631 2009-01-21 19:14 /etc/ssl/certs/ssl-cert-snakeoil.pem 1st question. Is there also a *.crt file created by default as the other files seem to be symlinks to crt-files (ca-certificates)? If not, why not? 2nd question. When I create another certificate for a different host name, a crt file is stored somewhere. Is there a location recommended by the FHS? /etc/? 3rd question. The created file is readable and writable by root only. I tried it out and it worked, but how can it be read by www-data the user for running apache? Thanks a lot, Paul
signature.asc
Description: Dies ist ein digital signierter Nachrichtenteil