[Pkg-apache-commits] r1000 - in /trunk/apache2: README.Debian changelog
sf at alioth.debian.org
sf at alioth.debian.org
Mon Jul 27 21:03:31 UTC 2009
Author: sf
Date: Mon Jul 27 21:03:30 2009
New Revision: 1000
URL: http://svn.debian.org/wsvn/pkg-apache/?sc=1&rev=1000
Log:
Clarify the recommended permissions for SSL certificates
Modified:
trunk/apache2/README.Debian
trunk/apache2/changelog
Modified: trunk/apache2/README.Debian
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/README.Debian?rev=1000&op=diff
==============================================================================
--- trunk/apache2/README.Debian (original)
+++ trunk/apache2/README.Debian Mon Jul 27 21:03:30 2009
@@ -168,6 +168,10 @@
/etc/init.d/apache2 restart
+The SSL key file should only be readable by root, the certificate file may be
+globally readable. These files are read by the Apache parent process which runs
+as root. Therefore it is not necessary to make the files readable by the
+www-data user.
Creating self-signed certificates
---------------------------------
@@ -186,7 +190,9 @@
This will ask you for the hostname and place both SSL key and certificate in
the file /path/to/cert-file.crt . Use this file with the SSLCertificateFile
directive in the apache config (you don't need the SSLCertificateKeyFile in
-this case).
+this case as it also contains the key). The file /path/to/cert-file.crt should
+only be readable by root. A good directory to use for the additional
+certificates/keys is /etc/ssl/private .
SSL workaround for MSIE
-----------------------
Modified: trunk/apache2/changelog
URL: http://svn.debian.org/wsvn/pkg-apache/trunk/apache2/changelog?rev=1000&op=diff
==============================================================================
--- trunk/apache2/changelog (original)
+++ trunk/apache2/changelog Mon Jul 27 21:03:30 2009
@@ -12,6 +12,8 @@
included config files, even if LANG is not C.
* Change references to httpd.conf in apache2-doc to apache2.conf
(closes: #465393).
+ * Clarify the recommended permissions for SSL certificates in README.Debian
+ (closes: #512778).
* Remove 2.0 -> 2.2 upgrade logic from maintainer scripts.
* Remove other_vhosts_access.log on package purge.
More information about the Pkg-apache-commits
mailing list