SSL cert/key location

Farkas Levente lfarkas at bppiac.hu
Wed Dec 22 15:11:23 UTC 2004


Chris Adams wrote:
> Once upon a time, Axel Thimm <Axel.Thimm at ATrpms.net> said:
> 
>>Indeed, I always wondered why the certificates had been put under
>>/usr/share/ssl and by whom. The FHS had been quite strict on this from
>>the very beginning.
>>
>>/etc seems a rather sane place. Perhaps /etc/ssl/?
> 
> 
> You'll need to modify OpenSSL to handle multiple "default" directories.
> Currently I think you can only specify a single directory for certs (the
> certs setting under the CA_default section in openssl.cnf).
> Applications use OpenSSL calls to validate the cert chain, so it'll need
> to look in the local directory (/etc/ssl/certs) first and then the other
> directory (/usr/share/ssl/certs) when walking the cert chain.  The crl

why we need /usr/share/ssl/ at all? /etc/ssl would be enough (as one 
directory)!

-- 
   Levente                               "Si vis pacem para bellum!"




More information about the fedora-devel-list mailing list