root:root, chmod 400. And ideally your Root CA files should not be hosted on your web server, otherwise a server compromise also compromises your root authority. https://redmine.lighttpd.net/projects/1/wiki/docs_ssl Permissions Be careful to keep your .pem file private! Lighttpd reads all pemfiles at startup, before dropping privileges. It is therefore best to make the pem file owned by root and readable by root only: $ chown root:root /etc/lighttpd/ssl/example.org.pem $ chmod 400 /etc/lighttpd/ssl/example.org.pem On Fri, Nov 9, 2018 at 10:04 PM Ikwyl6 via openssl-users <openssl-users@xxxxxxxxxxx> wrote: > > Hi - I created a question on Super User about questions on file permissions and what the file permissions should be on created files. See link here: > > https://superuser.com/questions/1368747/file-permissions-for-openssl-created-files-for-https-web-server-lighttpd > > Could someone comment on what file permissions should be on each file and who should own them. > > Thank you. > -- > openssl-users mailing list > To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users