On Mon, Jul 17, 2000 at 01:45:53PM +0100, Airey, John wrote:
> I hate to spoil your day but you should not have posted your .csr file, as
> that contains your SSL private key. You should not post either .csr or .key
> files. I personally wouldn't even post a .crt file. Keep them secret, owned
> by root with 400 permissions!
No, that isn't true - the .csr (Certificate Signing Request) contains only
the public key and some of the data to go with it. There is no private
keys in a certificate request - if there was, then you'd be shipping your
private key to the CA when you were about to get your cert signed :(
The private key is usually (default in mod_ssl) is kept in the .key file
and for that it is true that permissions should be as restrictive as
possible, but it is also a very good idea to have it encrypted!
vh
Mads Toftum
--
`Darn it, who spiked my coffee with water?!' - lwall
______________________________________________________________________
Apache Interface to OpenSSL (mod_ssl) www.modssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
