{"id":685,"date":"2026-02-12T16:37:45","date_gmt":"2026-02-13T00:37:45","guid":{"rendered":"https:\/\/blog.iabsolute.com\/?p=685"},"modified":"2026-02-12T16:37:45","modified_gmt":"2026-02-13T00:37:45","slug":"protect-your-private-key","status":"publish","type":"post","link":"https:\/\/blog.iabsolute.com\/?p=685","title":{"rendered":"Protect Your Private Key"},"content":{"rendered":"\n<p><strong>\ud83d\udd10 1\ufe0f<\/strong><strong>\u20e3 Protect Your Private Key (MOST IMPORTANT)<\/strong><\/p>\n\n\n\n<p>Your key file:<\/p>\n\n\n\n<p>\/etc\/pki\/tls\/private\/nighthawkappraisals.key<\/p>\n\n\n\n<p><strong>Correct permissions:<\/strong><\/p>\n\n\n\n<p>sudo chown root:root \/etc\/pki\/tls\/private\/nighthawkappraisals.key<\/p>\n\n\n\n<p>sudo chmod 600 \/etc\/pki\/tls\/private\/nighthawkappraisals.key<\/p>\n\n\n\n<p>This means:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Owner = root<\/li>\n\n\n\n<li>Only root can read\/write<\/li>\n\n\n\n<li>Nobody else can access it<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>\ud83d\udd0e 2\ufe0f<\/strong><strong>\u20e3 Verify It<\/strong><\/p>\n\n\n\n<p>ls -l \/etc\/pki\/tls\/private\/nighthawkappraisals.key<\/p>\n\n\n\n<p>You should see:<\/p>\n\n\n\n<p>-rw------- 1 root root<\/p>\n\n\n\n<p>That is correct.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>\ud83d\udee1 3\ufe0f<\/strong><strong>\u20e3 Protect the Private Folder (Extra Safe)<\/strong><\/p>\n\n\n\n<p>sudo chmod 700 \/etc\/pki\/tls\/private<\/p>\n\n\n\n<p>Only root can enter the folder.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>\ud83d\udcc4 4\ufe0f<\/strong><strong>\u20e3 CSR File<\/strong><\/p>\n\n\n\n<p>The CSR is NOT secret.<\/p>\n\n\n\n<p>But if you still want to set its permissions:<\/p>\n\n\n\n<p>sudo chmod 644 yourfile.csr<\/p>\n\n\n\n<p>The CSR can even be deleted after the certificate is issued.<\/p>\n\n\n\n<hr 
class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>\ud83d\udcc4 5\ufe0f<\/strong><strong>\u20e3 Certificate Files (.crt \/ bundle)<\/strong><\/p>\n\n\n\n<p>These are public, so it is safe to allow read access:<\/p>\n\n\n\n<p>sudo chmod 644 \/etc\/pki\/tls\/certs\/ssl\/*.crt<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>\ud83d\udea8 Important Reminder<\/strong><\/p>\n\n\n\n<p>Never:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Email the private key<\/li>\n\n\n\n<li>Upload the private key anywhere<\/li>\n\n\n\n<li>Store the private key in a home folder<\/li>\n\n\n\n<li>Give it 777 permissions<\/li>\n<\/ul>\n\n\n\n<p>The private key must stay in:<\/p>\n\n\n\n<p>\/etc\/pki\/tls\/private\/<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><strong>\ud83e\udde0 Final Quick Checklist<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-table\"><table><thead><tr><td><strong>File Type<\/strong><\/td><td><strong>Permission<\/strong><\/td><\/tr><\/thead><tbody><tr><td>.key<\/td><td>600<\/td><\/tr><tr><td>.crt<\/td><td>644<\/td><\/tr><tr><td>.csr<\/td><td>644<\/td><\/tr><tr><td>private folder<\/td><td>700<\/td><\/tr><\/tbody><\/table><\/figure>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n","protected":false},"excerpt":{"rendered":"<p>\ud83d\udd10 1\ufe0f\u20e3 Protect Your Private Key (MOST IMPORTANT) Your key file: \/etc\/pki\/tls\/private\/nighthawkappraisals.key Correct permissions: sudo chown root:root \/etc\/pki\/tls\/private\/nighthawkappraisals.key sudo chmod 600 \/etc\/pki\/tls\/private\/nighthawkappraisals.key This means: \ud83d\udd0e 2\ufe0f\u20e3 Verify It ls -l \/etc\/pki\/tls\/private\/nighthawkappraisals.key You should see: -rw------- 1 root root That is &hellip; <a href=\"https:\/\/blog.iabsolute.com\/?p=685\">Continue reading <span 
class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[25,9,2],"tags":[],"class_list":["post-685","post","type-post","status-publish","format-standard","hentry","category-apache","category-command-line-my-linux","category-my-linux"],"_links":{"self":[{"href":"https:\/\/blog.iabsolute.com\/index.php?rest_route=\/wp\/v2\/posts\/685","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.iabsolute.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.iabsolute.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.iabsolute.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.iabsolute.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=685"}],"version-history":[{"count":1,"href":"https:\/\/blog.iabsolute.com\/index.php?rest_route=\/wp\/v2\/posts\/685\/revisions"}],"predecessor-version":[{"id":686,"href":"https:\/\/blog.iabsolute.com\/index.php?rest_route=\/wp\/v2\/posts\/685\/revisions\/686"}],"wp:attachment":[{"href":"https:\/\/blog.iabsolute.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=685"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.iabsolute.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=685"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.iabsolute.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=685"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}