brungu

> If you don't need GUI users to reach these pages simply give them less than administrator privileges. Hence you downgrade certificate security to Web server access control. I'd never...

The point is: The reason why people don't want to run Web severs as root is the possibility of bypassing Web Server security. Therefore private keys are handled by root...

@Denton22 Thank you for your explanations! > You can extract Private Keys in Fortigates, Checkpoint, F5 etc... Unencrypted? I doubt this still holds. To extend the list: Sophos does not...

@Denton22 wrote: > Opensense doesent provide viewing the Private Key in GUI, under Trust > Certificates > Webserver Cert >show certificate Info there are no key related entries, only the...

As always, security and convenience must be balanced carefully. If a system is trimmed for convenience, it is most likely not secure. If it's trimmed for security, it is inconvenient...