On Mon, 28 Jul 2014, Paul Goyette wrote:
On Mon, 28 Jul 2014, Dave Huang wrote:
http://www.washington.edu/imap/documentation/SSLBUILD.html makes it
sound like there's no configuration setting for the key/certificate
path. Putting a private key in /etc/openssl/certs sounds bad for
security to me, but maybe I'm making it a bigger deal than it really
is.
Well, the contents of certs directory are all set to 644, while the ca.key
(in /etc/openssl/private/) is 600, so it also feels bad to me.
More details in the following page (linked from UW pages) make it a bit
clearer:
http://gagravarr.org/writing/openssl-certs/personal.shtml#uw-imap
And it also works fine to have the combined file with permissions 600
I feel a bit more secure now! :)
-------------------------------------------------------------------------
| Paul Goyette | PGP Key fingerprint: | E-mail addresses: |
| Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com |
| Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net |
| Kernel Developer | | pgoyette at netbsd.org |
-------------------------------------------------------------------------
