Summary:ASTERISK-19267: RSA key for TLS should not be stored in same file as cert
Reporter:Daniel Pocock (daniel.pocock)Labels:
Date Opened:2012-01-29 12:36:01.000-0600Date Closed:2012-01-30 16:45:00.000-0600
Versions: Frequency of
- I believe the private key should be split into a separate PEM file, for extra security.

- I like to see the extension .key on my key files, so it is obvious what they are,

- and I like to have them accessible only to root - so Asterisk should load key files before dropping privileges

- the crt file (without key) can then be world readable

Why is this good?

- it means that support staff without root privs can check on crt files, but not keys

- it means monitoring software can find and scan the crts (to check expiry dates), without needing root privs

Comments:By: Matt Jordan (mjordan) 2012-01-30 16:44:46.053-0600

Features requests are no longer submitted to or accepted through the issue tracker. Features requests are openly discussed on the mailing lists [1] and Asterisk IRC channels and made note of by Bug Marshals.

[1] http://www.asterisk.org/support/mailing-lists