Set Private Key File

Learning Focus

By the end of this lesson you will know how to configure the private key file path in the SSL listener.

Steps

1. Navigate to Listeners → SSL listener → SSL tab
2. Set Private Key File: /etc/ssl/private/cloudflare-origin.key
3. Save and Graceful Restart

Verify

# Confirm the file exists with correct permissions
ls -la /etc/ssl/private/cloudflare-origin.key
# Should be: -rw------- root root

# Verify certificate and key match
openssl x509 -noout -modulus -in /etc/ssl/certs/cloudflare-origin.pem | md5sum
openssl rsa -noout -modulus -in /etc/ssl/private/cloudflare-origin.key | md5sum
# Both hashes must match

warning

If the certificate and key modulus hashes do not match, the SSL listener will fail to start with a handshake error.

Key Takeaways

• The private key must have 600 permissions and be owned by root.
• Always verify the cert and key match with modulus comparison.

What's Next

• Continue to Enable HTTP/2 and HTTP/3 for protocol optimization.