Standard location for apache ssl certificates .key files.

[tacone]

Hello, we're building an ssl plugin for the Apache configurator
software we're building.

As we try to implement and promote the best practices, we found
ourselves stuck when trying to determine where the .key file of the
certificate should be placed, and with which permissions.

/etc/ssl/private seems the best option, but it's (correctly) readable
only by root, so Apache complains that files either doesn't exist or
it's empty.
We could easily create our own /etc/apache2/ssl/private directory
owned by www-data, but first we'd like to know if there's already a
standard location about storing SSL certificates to be used by Apache.

Which directory ? Which permissions? What's the best practice ?

Thank you very much for your help