MT#58444 Set correct permissions/ownership for ssl files

Key and csr files should be 640. All other files 644. Ownership for all files should be root:ssl-cert. Change-Id: Ie4c0c8070d856d881b9d47aa65f953869537ee1e
5 months ago · a8476ad20d
parent bdbd12613c
commit a8476ad20d
1 changed files with 6 additions and 2 deletions
--- a/tools/generate_ssl_keys.sh
+++ b/tools/generate_ssl_keys.sh
@ -55,9 +55,13 @@ else
    -signkey "${KEY_FILE}" -out "${CRT_FILE}" -extfile "${OPENSSL_CONFIG}"
 fi

-chmod 640 "${KEY_FILE}" "${CRT_FILE}"
+chmod 640 "${KEY_FILE}"
+chmod 644 "${CRT_FILE}"
 chown root:ssl-cert "${KEY_FILE}" "${CRT_FILE}"
-[ -r "${CSR_FILE}" ] && chmod 600 "${CSR_FILE}"
+if [ -r "${CSR_FILE}" ] ; then
+  chmod 640 "${CSR_FILE}"
+  chown root:ssl-cert "${CSR_FILE}"
+fi

 if [ "$SKIP_CSR" = "true" ] ; then
  echo "Generated ${KEY_FILE} ${CRT_FILE}"