[warning: this e-mail is on-topic] On Wed, May 09, 2007 at 05:27:21PM +0100, Richard W.M. Jones wrote: > Is there a Fedora standard for what goes in /etc/pki? No, though there problably should be :) > Or to put it another way, if I were writing an application and I put its > PKI files in /etc/pki/<myappname>/... would that be OK? > > Particular files that the application needs to store: > > * self-generated CA certificate and associated files such as revocation > list, issued certs, CA's private key > * list of client certs of clients allowed to access (on server) > * machine's own private key and certificate (client & server) I'd vaguely prefer to see these in /etc/pki/tls/appname if it's all TLS specific. Out of interest, is the PKI use for the app in question something which must be strictly private to the app? Can you give some details of what you're actually doing? (I've been thinking of writing some simple scripts/tools to create system-wide default CA, hostname or service-specific signed certs, etc. At the moment we have a bunch of daemons which have %post scripts to create self-signed certs, it's all a bit disorganised and redundant.) joe -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
