SSL cert/key location (was: rawhide report: 20041217 changes)
David Woodhouse
dwmw2 at infradead.org
Wed Dec 22 12:11:59 UTC 2004
On Tue, 2004-12-21 at 17:01 -0500, Colin Walters wrote:
> On Tue, 2004-12-21 at 21:28 +0100, Enrico Scholz wrote:
>
> > A better place for the certificates would be somewhere under /etc.
Agreed.
> Longer term, I think we really want a more formal certificate management
> system, with a defined interface for installing a certificate on the
> system (or for a specific user), removing certificates, granting access
> to certain certificates to particular daemons, creating a new CA, etc.
Also agreed. As it was I just copied the %post script from dovecot, but
I note that mod_ssl does it differently.
> A first step at this could be a utility like install-certificate that
> just dropped certs into a well-defined directory in /etc.
Provide a patch which adds this to the openssl package, I suppose.
Once this exists we can fix the Exim/dovecot/etc RPMs to use it.
--
dwmw2
More information about the fedora-devel-list
mailing list