X-Git-Url: http://ftp.carnet.hr/carnet-debian/scm?p=apache2-cn.git;a=blobdiff_plain;f=carnet-generate-ssl;h=7f618ba3d4be9e7924a9dd8bc3cfc3a522b979bf;hp=34af61f6b212ee5fb17d367e804c5a630fce2a3d;hb=ed9c8bc9f8313d02a198b456e3d97fcd2d86521b;hpb=d0545bc48a700b22c3def9c648d97c6b80398cfe
diff --git a/carnet-generate-ssl b/carnet-generate-ssl
index 34af61f..7f618ba 100755
--- a/carnet-generate-ssl
+++ b/carnet-generate-ssl
@@ -45,7 +45,7 @@ cd /etc/ssl
 #
 if [ ! -f ${sslkey}/apache2-ca.key ]; then
- openssl genrsa -out ${sslkey}/apache2-ca.key 1024
+ (umask 077; openssl genrsa -out ${sslkey}/apache2-ca.key 1024)
 KEYS="${KEYS} - ${sslkey}/apache2-ca.key"
 fi
@@ -105,7 +105,7 @@ ln -sf apache2-ca.pem $(openssl x509 -hash -noout -in apache2-ca.pem)
 # Generate server certificate
 #
-openssl genrsa -out ${sslkey}/apache2.key 1024
+(umask 077; openssl genrsa -out ${sslkey}/apache2.key 1024)
 echo 01 > "$TMPFILE2"
 sed "s/HOST/$FQDN/g; s/DOMAIN/$DOMAIN/g; s/WEBMASTER/$WEBMASTER/g" \
@@ -134,10 +134,9 @@ cd ${sslcrt}
 ln -sf apache2.pem $(openssl x509 -hash -noout -in apache2.pem)
-# Fix file access permissions and group ownership.
+# Fix file access permissions.
 #
-chgrp www-data ${sslkey}/apache2-ca.key ${sslkey}/apache2-ca.csr ${sslkey}/apache2.key ${sslkey}/apache2.csr
-chmod 640 ${sslkey}/apache2-ca.key ${sslkey}/apache2-ca.csr ${sslkey}/apache2.key ${sslkey}/apache2.csr
+chmod 600 ${sslkey}/apache2-ca.key ${sslkey}/apache2.key
 # Cleanup
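Review bot: Both rewritten `openssl genrsa` lines (the CA key in the first hunk, the server key in the second) still generate 1024-bit RSA keys, which the umask change does not address. 1024-bit RSA is below the 2048-bit minimum that current guidance and TLS clients expect, so closing the permission window still leaves a weak key on disk. I would change the size and quote the path while touching these lines: `(umask 077; openssl genrsa -out "${sslkey}/apache2-ca.key" 2048)` and `(umask 077; openssl genrsa -out "${sslkey}/apache2.key" 2048)`. Because the CA key is only created when the file is missing, hosts that already have a 1024-bit `apache2-ca.key` would keep it; the signing steps are outside these hunks, so whether an existing CA should be regenerated cannot be judged from here.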