SSL cert/key location (was: rawhide report: 20041217 changes)
Peter Robinson
pbrobinson at gmail.com
Wed Dec 22 02:23:39 UTC 2004
> > A better place for the certificates would be somewhere under /etc.
>
> Longer term, I think we really want a more formal certificate management
> system, with a defined interface for installing a certificate on the
> system (or for a specific user), removing certificates, granting access
> to certain certificates to particular daemons, creating a new CA, etc.
> And most importantly, get every application to use it. Right now it's
> just crazy with applications dropping certificates in any random place
> with ad-hoc access controls, and applications not using the same
> verification chains.
>
> A first step at this could be a utility like install-certificate that
> just dropped certs into a well-defined directory in /etc.
Sounds like the certificate stuff redhat bought from Netscape would
fit the bill quite nicely when they finish all the various stuff
required to release it.
P
More information about the fedora-devel-list
mailing list