SSL certificate management/storage

Aurelien Bompard gauret at
Fri Feb 4 22:50:09 UTC 2005

Joe Orton wrote:
> 1. certificate storage is split between /etc/httpd/conf/ssl.*
> for mod_ssl-specific stuff, and and /usr/share/ssl for system-wide
> 2. ... and /usr/share/ssl is Very Wrong for "config data" like certs
> 3. increasing number of daemon packages are creating self-signed
> certs in %post scripts; could/should this be unified?

For what it's worth, Debian puts its certs in /etc/ssl/certs.
There may be a problem with apache accessing files in /etc/ssl because of
SELinux, but I don't know much about SELinux yet.

Having the contents of /usr/share/ssl in /etc would be nice, since it's
mainly config files (except the scripts).


--   ~~~~   Jabber : gauret at
No, I coded it crappily on purpose, just so that I could say "There's
plenty of room for optimization."

More information about the fedora-devel-list mailing list