When you create X.509 certificates or private keys, you must be logged on as root.
To prevent unauthorized overwriting of X.509 certificates and private key files, set the ownership and permissions as follows:
- The certificates and private key files are owned by root and the group is tdtrusted.
- The permissions are set to 640.
For example:
-rw-r----- 1 root tdtrusted 0 May 21 15:07 cert
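
One way to verify these settings on existing files, as an added example that is not part of the original documentation. The function names `check_cert_file` and `audit_cert_files` and the `EXPECT_*` variables are hypothetical, and the script assumes GNU `stat` (Linux):

```shell
#!/bin/sh
# Added example: audit certificate and private key files against the
# settings described above (owner root, group tdtrusted, mode 640).
# Function and variable names are hypothetical. Requires GNU stat.

EXPECT_OWNER="${EXPECT_OWNER:-root}"
EXPECT_GROUP="${EXPECT_GROUP:-tdtrusted}"
EXPECT_MODE="${EXPECT_MODE:-640}"

# check_cert_file PATH
# Prints one line per deviation; returns 0 if compliant, 1 otherwise.
check_cert_file() {
    f=$1
    rc=0
    # stat without -L describes the link itself, not the file that
    # services read, so this example reports symlinks instead of passing them.
    if [ -L "$f" ]; then
        echo "FAIL $f: symbolic link, audit the target file"
        return 1
    fi
    if [ ! -f "$f" ]; then
        echo "FAIL $f: missing or not a regular file"
        return 1
    fi
    owner=$(stat -c %U -- "$f")   # owner name
    group=$(stat -c %G -- "$f")   # group name
    mode=$(stat -c %a -- "$f")    # octal mode, includes setuid/setgid/sticky
    [ "$owner" = "$EXPECT_OWNER" ] || { echo "FAIL $f: owner is $owner, expected $EXPECT_OWNER"; rc=1; }
    [ "$group" = "$EXPECT_GROUP" ] || { echo "FAIL $f: group is $group, expected $EXPECT_GROUP"; rc=1; }
    [ "$mode" = "$EXPECT_MODE" ] || { echo "FAIL $f: mode is $mode, expected $EXPECT_MODE"; rc=1; }
    return $rc
}

# audit_cert_files PATH...
# Checks every path; returns 1 if any file deviates.
audit_cert_files() {
    bad=0
    for p in "$@"; do
        check_cert_file "$p" || bad=1
    done
    [ "$bad" -eq 0 ] && echo "OK: all files are $EXPECT_OWNER:$EXPECT_GROUP mode $EXPECT_MODE"
    return $bad
}

# Run as a script: pass the certificate and key paths as arguments.
if [ $# -gt 0 ]; then
    audit_cert_files "$@"
fi
```

The exit status is non-zero when any file deviates, so the script can gate a deployment step or run from a scheduled compliance check.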