hi,
I need to deploy an internal CA to our hosts. Fedora is planning
something I could use now
http://fedoraproject.org/wiki/Features/SharedSystemCertificates but it
is not there yet ;-)
I already have a deploying infrastructure (cfengine), so my question
is: what files do I need to move around for a systemwide installation?
The obvious start point will be /etc/PKI/ but in there in a random
client I already see some problems:
ls -l /etc/pki/
total 28
drwxr-xr-x. 6 root root 4096 Aug 23 06:55 CA
drwxr-xr-x. 4 root root 4096 Mar 13 2012 dovecot
drwxr-xr-x. 2 root root 4096 Mar 11 2012 java
drwxr-xr-x. 2 root root 4096 Feb 8 10:46 nssdb
drwxr-xr-x. 2 root root 4096 Oct 25 23:06 rpm-gpg
drwx------. 2 root root 4096 Jun 22 2012 rsyslog
drwxr-xr-x. 5 root root 4096 Oct 25 23:07 tls
For ldap queries, I need to add it in /etc/openldap/certs and run
cacertdir_rehash.
But there are lots of other apps that have their own configuration.
I guess I am not the first to have to do this, but google found little
info about this. Have you guys gone through such a project and would
you care sharing your solutions?
Thanks!
--
Groeten,
natxo
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
