SSL certificate management/storage
Aurelien Bompard
gauret at free.fr
Fri Feb 4 22:50:09 UTC 2005
Joe Orton wrote:
> 1. certificate storage is split between /etc/httpd/conf/ssl.*
> for mod_ssl-specific stuff, and and /usr/share/ssl for system-wide
> 2. ... and /usr/share/ssl is Very Wrong for "config data" like certs
> 3. increasing number of daemon packages are creating self-signed
> certs in %post scripts; could/should this be unified?
For what it's worth, Debian puts its certs in /etc/ssl/certs.
There may be a problem with apache accessing files in /etc/ssl because of
SELinux, but I don't know much about SELinux yet.
Having the contents of /usr/share/ssl in /etc would be nice, since it's
mainly config files (except the scripts).
Regards,
Aurélien
--
http://gauret.free.fr ~~~~ Jabber : gauret at amessage.info
No, I coded it crappily on purpose, just so that I could say "There's
plenty of room for optimization."
More information about the fedora-devel-list
mailing list