On Ubuntu, it looks like the best place for a private key used to sign a certificate (for use by nginx) is in /etc/ssl/private/
This answer adds that the certificate should go in /etc/ssl/certs/
but that seems like an unsafe place. Do .crt
files need to be kept safe or are they considered public?
Best Answer
The .crt file is sent to everything that connects; it is public. (
chown root:root
andchmod 644
)To add to the private key location; make sure you secure it properly as well as having it in there. (
chown root:ssl-cert
andchmod 640
)