#
if [ ! -f ${sslkey}/apache2-ca.key ]; then
- (umask 027; openssl genrsa -out ${sslkey}/apache2-ca.key 1024)
+ (umask 077; openssl genrsa -out ${sslkey}/apache2-ca.key 1024)
KEYS="${KEYS}
- ${sslkey}/apache2-ca.key"
fi
# Generate server certificate
#
-(umask 027; openssl genrsa -out ${sslkey}/apache2.key 1024)
+(umask 077; openssl genrsa -out ${sslkey}/apache2.key 1024)
echo 01 > "$TMPFILE2"
sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \
ln -sf apache2.pem $(openssl x509 -hash -noout -in apache2.pem)
-# Fix file access permissions and group ownership.
+# Fix file access permissions.
#
-chgrp www-data ${sslkey}/apache2-ca.key ${sslkey}/apache2-ca.csr ${sslkey}/apache2.key ${sslkey}/apache2.csr
-chmod 640 ${sslkey}/apache2-ca.key ${sslkey}/apache2-ca.csr ${sslkey}/apache2.key ${sslkey}/apache2.csr
+chmod 600 ${sslkey}/apache2-ca.key ${sslkey}/apache2.key
# Cleanup