Upload to Server

Learning Focus

By the end of this lesson you will know how to upload certificate files securely.

Transfer Methods

Via SCP

# From your local machine
scp cloudflare-origin.pem user@your-server:/tmp/
scp cloudflare-origin.key user@your-server:/tmp/

Via SSH (Paste Directly)

# On the server
sudo nano /etc/ssl/certs/cloudflare-origin.pem    # Paste certificate
sudo nano /etc/ssl/private/cloudflare-origin.key   # Paste private key

Set Correct Permissions

# Certificate (public — 644 is fine)
sudo chmod 644 /etc/ssl/certs/cloudflare-origin.pem
sudo chown root:root /etc/ssl/certs/cloudflare-origin.pem

# Private key (sensitive — 600, root only)
sudo chmod 600 /etc/ssl/private/cloudflare-origin.key
sudo chown root:root /etc/ssl/private/cloudflare-origin.key

warning

The private key must have 600 permissions. A world-readable private key is a critical security vulnerability.

Key Takeaways

• Upload certificate and key to separate directories (certs vs private).
• Set 600 permissions on the private key.
• Verify ownership is root:root for both files.

What's Next

• Continue to Configure in OpenLiteSpeed SSL for listener setup.