On Mon, 28 Jul 2014, Paul Goyette wrote:
On Mon, 28 Jul 2014, Dave Huang wrote:http://www.washington.edu/imap/documentation/SSLBUILD.html makes it sound like there's no configuration setting for the key/certificate path. Putting a private key in /etc/openssl/certs sounds bad for security to me, but maybe I'm making it a bigger deal than it really is.Well, the contents of certs directory are all set to 644, while the ca.key (in /etc/openssl/private/) is 600, so it also feels bad to me.
More details in the following page (linked from UW pages) make it a bit clearer:
http://gagravarr.org/writing/openssl-certs/personal.shtml#uw-imap And it also works fine to have the combined file with permissions 600 I feel a bit more secure now! :) ------------------------------------------------------------------------- | Paul Goyette | PGP Key fingerprint: | E-mail addresses: | | Customer Service | FA29 0E3B 35AF E8AE 6651 | paul at whooppee.com | | Network Engineer | 0786 F758 55DE 53BA 7731 | pgoyette at juniper.net | | Kernel Developer | | pgoyette at netbsd.org | -------------------------------------------------------------------------