How to Protect SSL Keys and Certificates
Pre-Conditions : You have Generated a Private Key and a Certificate Sign Request (CSR)
Protect SSL Keys with chmod Bash Command
Execute the following command to protect the key:
chmod 400 /etc/apache2/ssl/www.mydomain.com.key
Files for your domain will be created in /etc/apache2/ssl. You may now submit the file ending in .csr to a commercial SSL provider for signing. You will receive a signed file after the CA signs the request. Save this file as /etc/apache2/ssl/www.mydomain.com.crt.
Execute the following command to protect the signed certificate:
chmod 400 /etc/apache2/ssl/www.mydomain.com.crt
Get the CA Root Certificate
Now you’ll need to get the root certificate for the CA that you paid to sign your certificate. You may obtain the root certs for various providers from these sites:
List of Certificate Authorities (Commercial SSL Providers)
For example, if you download a root cert for Verisign, you would save it to /etc/apache2/ssl/verisign.cer.