How to Protect SSL Keys and Certificates

Pre-Conditions : You have Generated a Private Key and a Certificate Sign Request (CSR)

Protect SSL Keys with chmod Bash Command

Execute the following command to protect the key:

chmod 400 /etc/apache2/ssl/

Files for your domain will be created in /etc/apache2/ssl. You may now submit the file ending in .csr to a commercial SSL provider for signing. You will receive a signed file after the CA signs the request. Save this file as /etc/apache2/ssl/

Execute the following command to protect the signed certificate:

chmod 400 /etc/apache2/ssl/

Get the CA Root Certificate
Now you’ll need to get the root certificate for the CA that you paid to sign your certificate. You may obtain the root certs for various providers from these sites:

List of Certificate Authorities (Commercial SSL Providers)

  • Verisign
  • Thawte
  • Globalsign
  • Comodo
  • GoDaddy

For example, if you download a root cert for Verisign, you would save it to /etc/apache2/ssl/verisign.cer.

Leave a Reply

Your email address will not be published. Required fields are marked *