Indeed, I always wondered why the certificates had been put under /usr/share/ssl and by whom. The FHS had been quite strict on this from the very beginning.
/etc seems a rather sane place. Perhaps /etc/ssl/?
You'll need to modify OpenSSL to handle multiple "default" directories. Currently I think you can only specify a single directory for certs (the certs setting under the CA_default section in openssl.cnf). Applications use OpenSSL calls to validate the cert chain, so it'll need to look in the local directory (/etc/ssl/certs) first and then the other directory (/usr/share/ssl/certs) when walking the cert chain. The crl
why we need /usr/share/ssl/ at all? /etc/ssl would be enough (as one directory)!
Because it may not be able to change all the apps and libraries at once which put stuff or expect to find stuff in /usr/share/ssl ?
-- Pekka Savola "You each name yourselves king, yet the Netcore Oy kingdom bleeds." Systems. Networks. Security. -- George R.R. Martin: A Clash of Kings
