Is there any standard or convention for where SSL certificates and associated private keys should go on the UNIX/Linux filesystem?
Linux – SSL Certificate Location on UNIX/Linux
filesystemslinuxsslssl-certificateunix
Related Topic
- Ssl – choosing the right SSL certificate
- Ssl – Wildcard SSL certificate for second-level subdomain
- Windows – Recovering SSL key from a dead computer
- Tomcat – Installing SSL Thawte Certificates for tomcat from pre-generated Private Key
- Ssl – Displaying a remote SSL certificate details using CLI tools
- Ssl – Install SSL Certificate on Azure Cloud Service (VM)
- Linux – Security measures of Linux ‘certificate store’
- SSL certificate complication for aws eb
Best Answer
For system-wide use, OpenSSL should provide you
/etc/ssl/certs
and/etc/ssl/private
. The latter of which will be restricted700
toroot:root
.If you have an application that doesn’t perform initial privilege separation from
root
, then it might suit you to locate them somewhere local to the application with the relevantly restricted ownership and permissions.