Note on key permissions (#59)

serverless-ca · Mar 17, 2024 · 3e6f5a6 · 3e6f5a6
1 parent 17a082d
commit 3e6f5a6
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/docs/client-certificates.md b/docs/client-certificates.md
@@ -13,6 +13,11 @@ There are two methods available for requesting and issuing client certificates:
 **Approach - developer testing**
 * Follow instructions at the end of [GettingStarted](getting-started.md)
 * Developer needs an IAM role with permissions to invoke the CA TLS Lambda function
+* Protect your private keys, e.g. on Linux / MacOS:
+```
+chmod 600 ~/certs/client-cert.pem
+chmod 600 ~/certs/client-cert-key.pem
+```
 
 ## Lambda - Amazon EKS or ECS