mod_ssl rpm in RHEL 5.4 is creating a certificate which is readable only by root
Issue
- When
mod_sslis installed, it generates a certificate and key file. It sets the umask to077causing both the key and certificate file to be readable by root only. While this is correct for the private key (/etc/pki/tls/private/localhost.key), the certificate file (/etc/pki/tls/certs/localhost.crt) should be world readable. Because the certificate file is not world-readable, certain applications that use openssl can not read the certificate which could lead to problems or authentication failures.
Environment
- Red Hat Enterprise Linux (RHEL) 5.4
- mod-ssl-2.2.3-31.el5
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase of over 48,000 articles and solutions.
Welcome! Check out the Getting Started with Red Hat page for quick tours and guides for common tasks.
