/etc/pki

Joe Orton jorton at redhat.com
Thu May 10 13:49:45 UTC 2007


[warning: this e-mail is on-topic]

On Wed, May 09, 2007 at 05:27:21PM +0100, Richard W.M. Jones wrote:
> Is there a Fedora standard for what goes in /etc/pki?

No, though there probably should be :)

> Or to put it another way, if I were writing an application and I put its 
> PKI files in /etc/pki/<myappname>/... would that be OK?
> 
> Particular files that the application needs to store:
> 
> * self-generated CA certificate and associated files such as revocation 
> list, issued certs, CA's private key
> * list of client certs of clients allowed to access (on server)
> * machine's own private key and certificate (client & server)

I'd vaguely prefer to see these in /etc/pki/tls/appname if it's all TLS 
specific.  Out of interest, is the PKI use for the app in question 
something which must be strictly private to the app?  Can you give some 
details of what you're actually doing?

(I've been thinking of writing some simple scripts/tools to create 
system-wide default CA, hostname or service-specific signed certs, etc.  
At the moment we have a bunch of daemons which have %post scripts to 
create self-signed certs, it's all a bit disorganised and redundant.)

joe




More information about the fedora-devel-list mailing list