MAMP Pro + Private Key

I use MAMP on Mac OS for website testing. At some point, the private keys issued by certbot have different access on them compared to the cert, chain, fullchain keys.

The private key has system: read:write and everyone:none access.

When I go into MAMP to select the privkey.pem for Apache, it says it cannot access the key and won't allow me to select it. So, I went and changed the permissions on the privkey to everyone: read only and MAMP can recognize the key.

Is this OK to do? If not, how can I get MAMP to properly work with the privkeys now? Also, it seems renewal keys don't have this issue and it retains the access settings I made on them.

No, a private key should never be readable by everyone. You should limit it to the user running MAMP. On Linux systems, the user would be root. Webservers like Apache would start as root, read the private key and drop privileges to a non-root user. I'm not familiar with MAMP on Mac though.

Makes sense. So read only for user running MAMP is good enough?

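The check discussed in this thread (key accessible only to the user that runs the web server, nothing for everyone else), as an added shell example that is not part of any post above. The function names are hypothetical; the key path and user are whatever the caller passes in, and symlinks are followed because certbot's `live/` entries are symlinks into `archive/`.

```shell
#!/bin/sh
# Added example: audit and tighten a private key's POSIX permissions.
# Nothing here is MAMP-specific; FILE and USER are supplied by the caller.

# key_mode FILE -> prints the nine permission characters (e.g. rw-------).
# -L follows symlinks so the real key file is inspected, not the link.
key_mode() {
    ls -lLd -- "$1" | cut -c2-10
}

# key_is_private FILE USER -> 0 only if FILE has no group/other bits
# and is owned by USER (a user name or numeric uid).
key_is_private() {
    mode=$(key_mode "$1")
    case "$mode" in
        ???------) ;;  # owner bits only
        *) echo "FAIL: $1 mode '$mode' grants group/everyone access" >&2
           return 1 ;;
    esac
    if [ -z "$(find -L "$1" -prune -user "$2" -print 2>/dev/null)" ]; then
        echo "FAIL: $1 is not owned by $2" >&2
        return 1
    fi
    return 0
}

# lock_key FILE -> owner read-only, no access for group or everyone.
# chmod follows a symlink given on the command line, so the target changes.
lock_key() {
    chmod 400 -- "$1"
}

# Optional command-line use: script.sh /path/to/privkey.pem username
if [ "$#" -eq 2 ]; then
    key_is_private "$1" "$2" && echo "OK: $1 is private to $2"
fi
```

Changing ownership so that the web-server user owns the key needs `sudo chown`, which this example leaves to the operator.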