Re: /etc/pki/CA and ca-bundle.crt

On Tue, 2005-04-26 at 16:11 +0200, Farkas Levente wrote:
> hi,
> after finally cert are moved under /etc(/pki...) which should have been 
> done for a long time ago, it's not clear to me. if there is a dir 
> /etc/pki/CA then why ca-bundle.crt put under /etc/pki/tls/certs (in 
> openssl)? what is the new proposed 'standard'? for me it's totally 
> irrelevant what is the standard (anything else than /usr/share/ssl is 
> better), but i'd like to know it. is there any docs about it? if 
> ca-bundle.crt then e.g. my CA should have to put into /etc/pki/tls/certs 
> or /etc/pki/CA?
They have different purposes. The ca-bundle.crt contains certificates of
the trusted CAs. You can add your CA's certificate there if you want to.
However the /etc/pki/CA hierarchy is intended for keys/configuration and
data files of the local certificate authority which is provided by
the /etc/pki/tls/misc/CA(.pl) scripts. After you generate the local
CA certs with CA -newca you can of course put this CA certificate into the
ca-bundle.crt.

> at the same time openssl's Makefile still create certs into
> /etc/httpd/conf/ssl.xxx/
This Makefile should probably be generalized or moved to the mod_ssl
package.

-- 
Tomas Mraz <tmraz@xxxxxxxxxx>
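
The split described in the reply above, as an added example that is not part of the original thread: a local CA's key and data stay in the CA directory, and a certificate it issues only validates once the CA certificate (never the key) is appended to the trusted bundle. All paths are constructed stand-ins inside a temporary directory, and the script calls openssl req/x509/verify directly rather than the CA(.pl) script.

```shell
#!/bin/sh
# Added example, not from the thread. All paths are constructed stand-ins in a
# temp dir: CA/ plays /etc/pki/CA, tls/certs/ plays /etc/pki/tls/certs.
demo_ca_vs_bundle() (
    work=$(mktemp -d) || exit 2
    cd "$work" && mkdir -p CA/private tls/certs || exit 2
    bundle=tls/certs/ca-bundle.crt
    # Minimal config so the result does not depend on the system openssl.cnf.
    cat > ca.cnf <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF
    new_ca() {  # $1 = subject CN, $2 = key file, $3 = certificate file
        openssl req -x509 -config ca.cnf -newkey rsa:2048 -nodes -days 30 \
            -subj "/CN=$1" -keyout "$2" -out "$3" 2>/dev/null
    }
    # Local CA: its key and certificate are created under CA/ and the key stays there.
    new_ca "Example Local CA" CA/private/cakey.pem CA/cacert.pem || exit 2
    # The bundle starts out holding one unrelated trusted CA (constructed).
    new_ca "Example Public CA" other.key "$bundle" || exit 2
    # Server certificate issued by the local CA.
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -subj "/CN=www.example.test" -keyout leaf.key -out leaf.csr 2>/dev/null || exit 2
    openssl x509 -req -in leaf.csr -CA CA/cacert.pem -CAkey CA/private/cakey.pem \
        -CAcreateserial -days 7 -out leaf.crt 2>/dev/null || exit 2
    trusted() {  # does the bundle alone validate the server certificate?
        if openssl verify -no-CApath -CAfile "$bundle" leaf.crt >/dev/null 2>&1
        then echo trusted; else echo untrusted; fi
    }
    before=$(trusted)
    cat CA/cacert.pem >> "$bundle"   # only the certificate is copied, never cakey.pem
    after=$(trusted)
    leaked=$(grep -c 'PRIVATE KEY' "$bundle" || true)   # private keys in bundle: must be 0
    cd / && rm -rf "$work"
    echo "before=$before after=$after keys_in_bundle=$leaked"
)
demo_ca_vs_bundle
```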

