Re: The 284 files in /etc/ssl/certs? There must be a purpose...

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

Aaron Griffin wrote:
> On Sun, Apr 26, 2009 at 11:44 PM, David C. Rankin
> <drankinatty@xxxxxxxxxxxxxxxxxx> wrote:
>> David C. Rankin wrote:
>>> Listmates,
>>>
>>>       One thing I noticed when generating dovecot certs was the significant number
>>> of files in /etc/ssl/certs. What is the reason for/background of Arch's
>>> gathering of so many cert files, and is there some specific way we should make
>>> use of them? Are they just there for convenience? Are they current?
>>>
>> A bit more info:
>>
>>        The reason I asked is that I'm not familiar with the certs Arch has collected
>> there, but I do deal with self-signed certificates a bit. If what's in the
>> /etc/ssl/certs directory will help me build a better certificate chain, I would
>> love to know about it.
> 
> I have a feeling these are all from the ca-certificates package, which
> is from Debian:
> http://packages.qa.debian.org/c/ca-certificates.html
> 

Aaron,

	Thanks for the link. Checking further, it seems there isn't that much about
the ca-certs package on the debian site, basically your are just referred to
the securing-debian-howto (which has good information) but the total text on
the ca-certificates package is:

8.7     SSL Infrastructure
Debian does provide some SSL certificates with the distribution so that they
can be installed locally. They are found in the ca-certificates package. This
package provides a central repository of certificates that have been submitted
to Debian and approved (that is, verified) by the package maintainer, useful
for any OpenSSL applications which verify SSL connections.

	I'm browsing through
http://www.linux.org/docs/ldp/howto/SSL-Certificates-HOWTO/index.html to see if
I can get a better handle on what the purpose of all the certs are for and what
can be done with them and then I'll look at the OpenSSL site for additional
info. If I get time, I'll do a short howto once I figure it out.

-- 
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux