On Tue, Apr 19, 2005 at 04:07:02PM -0400, John Dennis wrote:
> At the moment we have an ad hoc approach to where we store ssl
> certificates and other keys. The openssl package installs
> into /usr/share/ssl and some packages store their keys
> in /usr/share/ssl/certs/{public,private} because of the lack of anything
> better and it's the closest thing we have to a standard location. Other
> packages (e.g. httpd) store their keys in their own directories.
>
> There are three major reasons to create a new uniform location, and this
> is a proposal to do so:

/etc/keys/{public,private} is a bit minimal; I think we really need to take enough time to address where to put CRLs, the CA bundle, and everything else that currently goes in /usr/share/ssl/* and /etc/httpd/conf/ssl.* in one shot at least, otherwise we'll spend a couple of releases mucking users about by moving stuff around.

/etc/keys is not the obvious choice of name to me - I'd prefer /etc/pki or /etc/ssl, unless anyone has plans to put anything other than X.509 stuff in there?

joe