httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Joe Orton <jor...@redhat.com>
Subject Re: missing ssl.crt/ssl.key sub directories?
Date Fri, 02 Sep 2005 08:11:57 GMT
On Fri, Sep 02, 2005 at 02:14:24AM -0500, William Rowe wrote:
> It seems someone collapsed the ssl.crt/ and ssl.key/ directories from
> the default ssl.conf file for 2.1 dev, yet didn't collapse them entirely
> because the ca and other commented-out directives still keep the depth.
> 
> Having ssl.key files directly in conf/ makes it difficult to correctly
> maintain security, and is probably a bad idea all around.  The change
> seems a bit gratuitous.

"make install" never creates such directories so it's pretty pointless 
referencing them from the default config.  With this config it's 
possible to get an SSL server running with just a single openssl command 
to create a self-signed keypair: before, you have to mess around 
creating directories.

I don't see how it makes it "difficult to maintain security".  You can 
"chmod 700" a file just as easily as a directory.

joe

Mime
View raw message