add CA to centos clients

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



hi,

I need to deploy an internal CA to our hosts. Fedora is planning
something I could use now
http://fedoraproject.org/wiki/Features/SharedSystemCertificates but it
is not there yet ;-)

I already have a deploying infrastructure (cfengine), so my question
is: what files do I need to move around for a systemwide installation?

The obvious start point will be /etc/PKI/ but in there in a random
client I already see some problems:

ls -l /etc/pki/
total 28
drwxr-xr-x. 6 root root 4096 Aug 23 06:55 CA
drwxr-xr-x. 4 root root 4096 Mar 13  2012 dovecot
drwxr-xr-x. 2 root root 4096 Mar 11  2012 java
drwxr-xr-x. 2 root root 4096 Feb  8 10:46 nssdb
drwxr-xr-x. 2 root root 4096 Oct 25 23:06 rpm-gpg
drwx------. 2 root root 4096 Jun 22  2012 rsyslog
drwxr-xr-x. 5 root root 4096 Oct 25 23:07 tls

For ldap queries, I need to add it in /etc/openldap/certs and run
cacertdir_rehash.

But there are lots of other apps that have their own configuration.

I guess I am not the first to have to do this, but google found little
info about this. Have you guys gone through such a project and would
you care sharing your solutions?

Thanks!
--
Groeten,
natxo
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos


[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux