In an environment where a handful of Apache servers are running a bunch of sites using SSL certificates for HTTPS, where should these certificates be placed? In Debian or Ubuntu, should all relevant files be put in /etc/apache2/ssl? Or is there some other location better suited for this? What security concerns should be addressed when choosing locations for these files for multiple websites on the same server?
Ubuntu – Best practices for placing SSL certificates for use in Apache 2
apache-2.2debiansslUbuntu
Related Topic
- Debian – Unable to set up SSL support for Apache 2 on Debian
- Ssl – Difference between SSLCertificateFile and SSLCertificateChainFile
- Ssl – Is it a good idea to use cacert SSL certificates instead of self signed one in production
- Ssl – Apache SSL virtual hosts sharing same DocumentRoot
- Ssl – GCP HTTP Load Balancers With SSL Certificates for Multiple Websites
- Nginx – Where to Place SSL Certificates on Reverse Proxy
Best Answer
FWIW, I use Debian.
I place all private keys in
/etc/ssl/privatewhich has permission mode0700. I place all certificates in/etc/ssl/certswhich has permission mode0755. The owner/group for both is root:root.