SSL cert/key location
seth vidal
skvidal at phy.duke.edu
Wed Dec 22 15:13:18 UTC 2004
On Wed, 2004-12-22 at 16:11 +0100, Farkas Levente wrote:
> Chris Adams wrote:
> > Once upon a time, Axel Thimm <Axel.Thimm at ATrpms.net> said:
> >
> >>Indeed, I always wondered why the certificates had been put under
> >>/usr/share/ssl and by whom. The FHS had been quite strict on this from
> >>the very beginning.
> >>
> >>/etc seems a rather sane place. Perhaps /etc/ssl/?
> >
> >
> > You'll need to modify OpenSSL to handle multiple "default" directories.
> > Currently I think you can only specify a single directory for certs (the
> > certs setting under the CA_default section in openssl.cnf).
> > Applications use OpenSSL calls to validate the cert chain, so it'll need
> > to look in the local directory (/etc/ssl/certs) first and then the other
> > directory (/usr/share/ssl/certs) when walking the cert chain. The crl
>
> why we need /usr/share/ssl/ at all? /etc/ssl would be enough (as one
> directory)!
>
And /etc/ssl would be FHS Compliant b/c the certs look a lot like a
configuration/data file. At the very least the certs should be in /var
but definitely not /usr
-sv
More information about the fedora-devel-list
mailing list