A very ignorant question, sans doute.
I get my certificates from cacert.org, to whom I am very grateful.
I follow what I take to be the official procedure,
first creating <server>.key and <server>.csr on my server
and then getting <server>.crt by going to Server Certificate=>New
at the cacert site.
I then place the key certficate *.key in /etc/pki/tls/private/
and what I call the client certificate *.crt in /etc/pki/tls/certs/ .
But I notice that there at www.cacert.org there is
a Client Certificate folder as well as the Server Certificate folder,
and it seems that one can create a "client certificate" there.
My quesion is: what is the purpose of this second client certificate?
And while I am on the topic, what are the recommended file permissions
for PKI certificates?
I was a little surprised to find my <server>.key has permission 640,
while <server>.crt has permission 644.
The folder /etc/pki/tls/private/ on my server
does not seem to have any special security;
it is owned by root but can be opened and listed by anybody.
Is that the recommended setup?
--
Timothy Murphy
e-mail: gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin 2, Ireland
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
