Author Topic: Why user can't add / generate its own SSL Certificate ?  (Read 352 times)

0 Members and 1 Guest are viewing this topic.

Offline
*
Why user can't add / generate its own SSL Certificate ?
« on: July 22, 2017, 03:38:19 AM »
Either it is not possible, or I can't find it.

Offline
***
Re: Why user can't add / generate its own SSL Certificate ?
« Reply #1 on: October 09, 2017, 06:00:30 AM »
Users can`t add/generate their own SSL Certificate. The apache process and all apache files are owned by root so even if the user create his/her own SSL Certificate they can`t write it down in the config file. It is possible to be done with a little bit server side scripting but in the same time it`s becoming a security risk. Let`s get into this movie:
The root is going for a holiday. The user is allowed to generate SSL Certificate and put it in the config file. So the user have rights to edit apache configs. The USER is USER, he`s not ROOT. 99.95% of the users are and will remain users with the will to try something new if it works and how it works. The user generates the SSL Certificate and puts it into the config file. He breaks the apache server and apache is down. All other users are suffering without web server and mourning why the f**k they payed for this hosting or if it`s free why they trusted it to put important files there and they can`t access it until the root comes back from holiday and fix the problem.
Personally for me, as less rights the user has is as better. Let the user be user and the root to be root. Personal opinion.
Current uptime (FreeBSD 8.1-RELEASE-p17):
UNIX is a very simple OS, but you have to be a GENIUS to understand it ...