Using umask while generating SSL certificates (carnet-generate-ssl).

[apache2-cn.git] / carnet-generate-ssl

diff --git a/carnet-generate-ssl b/carnet-generate-ssl
index 34af61f..8d61008 100755 (executable)
--- a/carnet-generate-ssl
+++ b/carnet-generate-ssl
@@ -45,7 +45,7 @@ cd /etc/ssl
 #
 if [ ! -f ${sslkey}/apache2-ca.key ]; then
 
-    openssl genrsa -out ${sslkey}/apache2-ca.key 1024
+    (umask 027; openssl genrsa -out ${sslkey}/apache2-ca.key 1024)
     KEYS="${KEYS}
  - ${sslkey}/apache2-ca.key"
 fi
@@ -105,7 +105,7 @@ ln -sf apache2-ca.pem $(openssl x509 -hash -noout -in apache2-ca.pem)
 
 # Generate server certificate
 #
-openssl genrsa -out ${sslkey}/apache2.key 1024
+(umask 027; openssl genrsa -out ${sslkey}/apache2.key 1024)
 
 echo 01 > "$TMPFILE2"
 sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \