🔐 1️⃣ Protect Your Private Key (MOST IMPORTANT)
Your key file:
/etc/pki/tls/private/nighthawkappraisals.key
Correct permissions:
sudo chown root:root /etc/pki/tls/private/nighthawkappraisals.key
sudo chmod 600 /etc/pki/tls/private/nighthawkappraisals.key
This means:
- Owner = root
- Only root can read/write
- Nobody else can access it
🔎 2️⃣ Verify It
ls -l /etc/pki/tls/private/nighthawkappraisals.key
You should see:
-rw------- 1 root root
That is correct.
🛡 3️⃣ Protect the Private Folder (Extra Safe)
sudo chmod 700 /etc/pki/tls/private
Only root can enter the folder.
📄 4️⃣ CSR File
The CSR is NOT secret.
If you still want to set its permissions explicitly:
sudo chmod 644 yourfile.csr
The CSR can even be deleted after the certificate is issued.
📄 5️⃣ Certificate Files (.crt / bundle)
These are public, safe to allow read access:
sudo chmod 644 /etc/pki/tls/certs/ssl/*.crt
🚨 Important Reminder
Never:
- Email private key
- Upload private key anywhere
- Store private key in home folder
- Give 777 permissions
The private key must stay in:
/etc/pki/tls/private/
🧠 Final Quick Checklist
| File Type | Permission |
|---|---|
| .key | 600 |
| .crt | 644 |
| .csr | 644 |
| private folder | 700 |
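Added example (not part of the original page): a bash function that audits every mode in the checklist above in one pass instead of checking files one by one with ls -l. It assumes GNU stat (Linux); check_one, audit_tls_perms and EXPECTED_UID are names made up for this example.

```bash
#!/usr/bin/env bash
# Added example: audit TLS file permissions against the checklist on this page.
# Assumptions: GNU stat (Linux). EXPECTED_UID, check_one and audit_tls_perms
# are hypothetical names introduced here. UID 0 is root.
EXPECTED_UID="${EXPECTED_UID:-0}"

# check_one PATH WANT_MODE [owner] -> prints a finding; returns 1 on any mismatch
check_one() {
    local path="$1" want="$2" check_owner="${3:-}" mode uid rc=0
    # -L follows symlinks so the mode of the real file is what gets judged
    mode=$(stat -L -c '%a' -- "$path") || return 1
    uid=$(stat -L -c '%u' -- "$path") || return 1
    if [ "$mode" != "$want" ]; then
        echo "FAIL $path: mode $mode, expected $want"; rc=1
    fi
    if [ -n "$check_owner" ] && [ "$uid" != "$EXPECTED_UID" ]; then
        echo "FAIL $path: owner uid $uid, expected $EXPECTED_UID"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "ok   $path (mode $mode, uid $uid)"
    return "$rc"
}

# audit_tls_perms PRIVATE_DIR CERT_DIR -> exit status is the number of failing paths
audit_tls_perms() {
    local priv="$1" certs="$2" fails=0 f
    check_one "$priv" 700 owner || fails=$((fails + 1))      # private folder
    for f in "$priv"/*.key; do
        [ -e "$f" ] || continue                              # glob matched nothing
        check_one "$f" 600 owner || fails=$((fails + 1))     # private keys
    done
    for f in "$certs"/*.crt "$certs"/*.csr; do
        [ -e "$f" ] || continue
        check_one "$f" 644 || fails=$((fails + 1))           # public material
    done
    return "$fails"
}

# Example (run as root, since the private folder is 700):
#   audit_tls_perms /etc/pki/tls/private /etc/pki/tls/certs/ssl
```

A non-zero exit status means at least one path differs from the checklist; the FAIL lines name each one.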



