Fix incorrect permissions for key files.

Fixes #5300
2013-12-11 15:14:24 +01:00 · 2013-12-11 15:14:24 +01:00 · c410ca0b54
parent 3c1fc98f5c
commit c410ca0b54
2 changed files with 2 additions and 0 deletions
--- a/pki/icinga2-build-ca.cmake
+++ b/pki/icinga2-build-ca.cmake
@ -19,4 +19,5 @@ cp $ICINGA2PKIDIR/vars $ICINGA_CA/
 source $ICINGA_CA/vars

 KEY_DIR=$ICINGA_CA openssl req -config $ICINGA2PKIDIR/openssl.cnf -new -newkey rsa:4096 -x509 -days 3650 -keyform PEM -keyout $ICINGA_CA/ca.key -outform PEM -out $ICINGA_CA/ca.crt && \
+	chmod 600 $ICINGA_CA/ca.key && \
 	echo -e "\n\tIf you want to change the default settings for server certificates check out \"$ICINGA_CA/vars\".\n"
--- a/pki/icinga2-build-key.cmake
+++ b/pki/icinga2-build-key.cmake
@ -28,5 +28,6 @@ fi

 REQ_COMMON_NAME="$name" KEY_DIR="$ICINGA_CA" openssl req -config $ICINGA2PKIDIR/openssl.cnf -new -newkey rsa:4096 -keyform PEM -keyout $ICINGA_CA/$name.key -outform PEM -out $ICINGA_CA/$name.csr -nodes && \
 	openssl x509 -days "$REQ_DAYS" -CA $ICINGA_CA/ca.crt -CAkey $ICINGA_CA/ca.key -req -in $ICINGA_CA/$name.csr -outform PEM -out $ICINGA_CA/$name.tmp -CAserial $ICINGA_CA/serial && \
+	chmod 600 $ICINGA_CA/$name.key && \
 	openssl x509 -in $ICINGA_CA/$name.tmp -text >  $ICINGA_CA/$name.crt && \
 	rm -f $ICINGA_CA/$name.csr $ICINGA_CA/$name.tmp