[Pulp-list] Devsetup certificates

Jay Dobies jason.dobies at redhat.com
Fri Feb 18 15:19:36 UTC 2011


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 02/17/2011 08:35 AM, Lukas Zapletal wrote:
> Hello,
> 
> I am a little bit confused about certificates in my developer setup
> which I did according to the wiki pages.
> 
> If I search for SSL related configuration in my httpd I see this:
> 
> # grep -R crt /etc/httpd
> /etc/httpd/conf/httpd.conf:AddType application/x-x509-ca-cert .crt
> /etc/httpd/conf.d/pulp.conf:AddType application/x-x509-ca-cert .crt
> /etc/httpd/conf.d/pulp.conf:SSLCACertificateFile /etc/pki/pulp/ca.crt
> /etc/httpd/conf.d/ssl.conf:SSLCertificateFile
> /etc/pki/tls/certs/localhost.crt
> /etc/httpd/conf.d/ssl.conf:#SSLCertificateChainFile
> /etc/pki/tls/certs/server-chain.crt
> /etc/httpd/conf.d/ssl.conf:#SSLCACertificateFile
> /etc/pki/tls/certs/ca-bundle.crt
> 
> The server cert is configured twice. I can see my httpd uses the one
> configured in ssl.conf (/etc/pki/tls/certs/localhost.crt):
> 
> # openssl s_client -connect myhost:443
> 
> What is the /etc/pki/pulp/ca.crt for?

Pulp creates its own certificates for identification/authorization. This
is the CA pulp uses to sign them.

> Thanks
> 


- -- 
Jay Dobies
RHCE# 805008743336126
Freenode: jdob
http://pulpproject.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.14 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJNXo4IAAoJEOMmcTqOSQHCDrUH/iky+m0D07n6yJLjJYL7Jq9j
oA8yStf5wpbhu72RgTP6nJDfr+/AdPLwX9ChU3jZvaVCTIqQ5b2UW/oHwQ0Oyyhq
MQw4CXZ3WVA60gF9aDLko9vHo0GTsGrB010qi4jbHmRJOVLuKyDp3l2VyQnEPaB0
wVY4Gem7grQjLw8JzEDnZgebBs7WzUL3bIQx7qETmVP/0eFfWetJ4Ym8fbhrzZVM
C5xi+PuUhjeuYfdGoC3Zvj3u/OYNCQBX84YpvNrNzsL6EPxXXbod9HfvJtzo2jYr
I01BTnPXx8YggiuQ9zqBCVd8EapTmmFf07w2iN2x0gFE3Ylgtaqye08tXJfpf1o=
=zXvm
-----END PGP SIGNATURE-----




More information about the Pulp-list mailing list