|Summary:||ASTERISK-19267: RSA key for TLS should not be stored in same file as cert|
|Reporter:||Daniel Pocock (daniel.pocock)||Labels:|
|Date Opened:||2012-01-29 12:36:01.000-0600||Date Closed:||2012-01-30 16:45:00.000-0600|
- I believe the private key should be split into a separate PEM file, for extra security.
- I like to see the extension .key on my key files, so it is obvious what they are,
- and I like to have them accessible only to root - so Asterisk should load key files before dropping privileges
- the crt file (without key) can then be world readable
Why is this good?
- it means that support staff without root privs can check on crt files, but not keys
- it means monitoring software can find and scan the crts (to check expiry dates), without needing root privs
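The layout requested above can be checked mechanically. The following is an added example, not part of the report and not Asterisk code: it flags PEM files that bundle a private key with a certificate, key files accessible beyond their owner, and certificate files that monitoring could not read. The file names, finding labels and the `key_owner_uid` parameter are assumptions, and the PEM bodies are constructed placeholders.

```python
import os
import re
import stat
import tempfile

# PEM armor for any private key type (PKCS#8, RSA, EC, ENCRYPTED ...)
KEY_RE = re.compile(r"-----BEGIN (?:[A-Z0-9]+ )*PRIVATE KEY-----")
CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----")

def audit_pem(path, key_owner_uid=0):
    """Return findings for one PEM file; an empty list means it fits the layout."""
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    st = os.stat(path)
    has_key = bool(KEY_RE.search(text))
    has_cert = bool(CERT_RE.search(text))
    findings = []
    if has_key and has_cert:
        findings.append("key-and-cert-combined")
    if has_key and st.st_mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append("key-accessible-beyond-owner")
    if has_key and st.st_uid != key_owner_uid:
        findings.append("key-not-owned-by-expected-uid")
    if has_cert and not has_key and not st.st_mode & stat.S_IROTH:
        findings.append("cert-not-world-readable")
    return findings

def demo(owner_uid):
    """Audit three constructed sample files (hypothetical names) in a temp dir."""
    key = "-----BEGIN RSA PRIVATE KEY-----\nCONSTRUCTED\n-----END RSA PRIVATE KEY-----\n"
    crt = "-----BEGIN CERTIFICATE-----\nCONSTRUCTED\n-----END CERTIFICATE-----\n"
    samples = {
        "combined.pem": (crt + key, 0o644),  # key and cert in one readable file
        "asterisk.key": (key, 0o600),        # key alone, owner-only
        "asterisk.crt": (crt, 0o644),        # cert alone, world readable
    }
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, (body, mode) in samples.items():
            path = os.path.join(d, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)
            results[name] = audit_pem(path, owner_uid)
    return results

if __name__ == "__main__":
    # The demo files are owned by the current user, so pass that uid, not 0.
    print(demo(os.getuid()))
```

On a real host, `audit_pem` would be called with the default `key_owner_uid=0` so that only root-owned key files pass.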
|Comments:||By: Matt Jordan (mjordan) 2012-01-30 16:44:46.053-0600|
Feature requests are no longer submitted to or accepted through the issue tracker. Feature requests are openly discussed on the mailing lists and Asterisk IRC channels and made note of by Bug Marshals.