[Pkg-apache-commits] r1000 - in /trunk/apache2: README.Debian changelog

sf at alioth.debian.org sf at alioth.debian.org
Mon Jul 27 21:03:31 UTC 2009 

Author: sf
Date: Mon Jul 27 21:03:30 2009
New Revision: 1000

URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1000
Log:
Clarify the recommended permissions for SSL certificates

Modified:
    trunk/apache2/README.Debian
    trunk/apache2/changelog

Modified: trunk/apache2/README.Debian
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/README.Debian?rev=1000&op=diff
==============================================================================
--- trunk/apache2/README.Debian (original)
+++ trunk/apache2/README.Debian Mon Jul 27 21:03:30 2009
@@ -168,6 +168,10 @@
 
 	/etc/init.d/apache2 restart
 
+The SSL key file should only be readable by root, the certificate file may be
+globally readable. These files are read by the Apache parent process which runs
+as root. Therefore it is not necessary to make the files readable by the
+www-data user.
 
 Creating self-signed certificates
 ---------------------------------
@@ -186,7 +190,9 @@
 This will ask you for the hostname and place both SSL key and certificate in
 the file /path/to/cert-file.crt . Use this file with the SSLCertificateFile
 directive in the apache config (you don't need the SSLCertificateKeyFile in
-this case).
+this case as it also contains the key). The file /path/to/cert-file.crt should
+only be readable by root. A good directory to use for the additional
+certificates/keys is /etc/ssl/private .
 
 SSL workaround for MSIE
 -----------------------

Modified: trunk/apache2/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/changelog?rev=1000&op=diff
==============================================================================
--- trunk/apache2/changelog (original)
+++ trunk/apache2/changelog Mon Jul 27 21:03:30 2009
@@ -12,6 +12,8 @@
     included config files, even if LANG is not C.
   * Change references to httpd.conf in apache2-doc to apache2.conf
     (closes: #465393).
+  * Clarify the recommended permissions for SSL certificates in README.Debian
+    (closes: #512778).
   * Remove 2.0 -> 2.2 upgrade logic from maintainer scripts.
   * Remove other_vhosts_access.log on package purge.

More information about the Pkg-apache-commits mailing list