OPNsense Forum

English Forums => Documentation and Translation => Topic started by: Stilez on August 26, 2020, 02:04:45 am

Title: Permissions on certificate bundles
Post by: Stilez on August 26, 2020, 02:04:45 am

The docs just state to set "some sane permissions" (https://docs.opnsense.org/manual/how-tos/self-signed-chain.html) on certificate bundles for the internal web server.  Hardly specific.


What permissions are minimally recommended for the internal web server?


Would similar permissions be appropriate for other certs like SSH?


Thanks for answers, and if someone could update the docs with that info it could help others too :)

Title: Re: Permissions on certificate bundles
Post by: fabian on August 26, 2020, 05:04:13 pm

400 if the Webserver owns the file or
640 if the file is owned by root and the Webserver gets access by a specific group

Title: Re: Permissions on certificate bundles
Post by: franco on August 26, 2020, 05:04:56 pm

Higher up in the doc it already mentions 400, probably an oversight it doesn't say so at the bottom.


Cheers,
Franco