Re: where 'o where to store certificates and keys

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Apr 19, 2005 at 04:07:02PM -0400, John Dennis wrote:
> At the moment we have an ad hoc approach to where we store ssl
> certificates and other keys. The openssl package installs
> into /usr/share/ssl and some packages store their keys
> in /usr/share/ssl/certs/{public,private} because of the lack of anything
> better and its the closest thing we have to a standard location. Other
> packages (e.g. httpd) store their keys in their own directories.
> 
> There are three major reasons to create a new uniform location, and this
> is a proposal to do so:

/etc/keys/{public,private} is a bit minimal, I think we really need to
take enough time to address where to put CRLs, the CA bundle, and
everything else that currently goes in /usr/share/ssl/* and
/etc/httpd/conf/ssl.* in one shot at least, otherwise we'll spend a
couple of release mucking users about by moving stuff around.

/etc/keys is not the obvious choice of name to me - I'd prefer /etc/pki
or /etc/ssl, unless anyone has plans to put anything other than X.509
stuff in there?

joe


[Index of Archives]     [Fedora Users]     [Fedora Development]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]

  Powered by Linux