Xhier Certificate Location

To see how this inclusion page fits in with similar ones, perhaps see one of

Certificate Location under Xhier

IncludeCertLocationXhier
The great Xhier guru Patrick Matlock conceived the idea that all applications configured under xhier should keep their SSL certificates (and private keys) in a single location.

Therefore he created an sslCerts xhier package (which has only ever had one version, sslCerts-1) under which certificates should be stored.

On xhiered systems, certificates should be placed in

       /software/sslCerts/config/certs/
and software configured to reference them from there.

Similarly private keys should be put in

       /software/sslCerts/config/certs/private/
with configuration set appropriately.

Note that, although one suspects the idea was that the directory should be mode 700, it now tends to be 711 or worse, so you should make sure the individual files are not readable by world or inappropriate groups. (The search permission may be designed to allow daemons running as non-root to access individual key files?)
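
One way to check this, as an added example that is not part of the original topic or of the sslCerts package: a POSIX shell audit of the private key directory's mode and of the individual key files. The function names and the optional allowed-group argument are assumptions made for illustration; only the default path comes from this page.

```shell
#!/bin/sh
# Added example: permission audit for the sslCerts private-key directory.
# The default path is the one given on this page; function names are made up here.
KEY_DIR_DEFAULT=/software/sslCerts/config/certs/private

# Classify the directory's own mode:
#   private      no group/other access at all (e.g. 700)
#   search-only  group/other may traverse but not list or write (e.g. 711)
#   open         group/other may list or write (e.g. 755), the "or worse" case
classify_dir() {
    [ -d "$1" ] || { echo missing; return 2; }
    open=$(find "$1" -prune \( -perm -004 -o -perm -040 -o -perm -002 -o -perm -020 \) -print)
    search=$(find "$1" -prune \( -perm -001 -o -perm -010 \) -print)
    if [ -n "$open" ]; then
        echo open
    elif [ -n "$search" ]; then
        echo search-only
    else
        echo private
    fi
}

# List regular files under DIR that are world-readable, or group-readable by a
# group other than ALLOWED_GROUP (optional name or gid, e.g. a daemon's group).
list_exposed_keys() {
    if [ -n "${2:-}" ]; then
        find "$1" -type f \( -perm -004 -o \( -perm -040 ! -group "$2" \) \) -print
    else
        find "$1" -type f \( -perm -004 -o -perm -040 \) -print
    fi
}

# Report both checks; return status 1 if any key file is exposed.
audit() {
    dir=${1:-$KEY_DIR_DEFAULT}
    echo "directory mode class: $(classify_dir "$dir")"
    exposed=$(list_exposed_keys "$dir" "${2:-}")
    if [ -n "$exposed" ]; then
        echo "key files readable beyond their owner:"
        echo "$exposed"
        return 1
    fi
    echo "no exposed key files"
}

# Run only when given arguments: audit.sh DIR [ALLOWED_GROUP]
if [ "$#" -gt 0 ]; then audit "$@"; fi
```

With a 711 directory the file names are not listable by other users, but any file whose own mode grants read access can still be opened by anyone who knows or guesses its name, which is why the per-file check matters.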

An automated process, part of the sslCerts packages, makes sure

       /software/sslCerts/config/certs/cacert.pem
contains the OrganizationSSL certificate.

Actually, I'm not certain IST updated the automated process when the intermediate certificate changed in 2011.

In general, xhiered software which requires certificates will by default refer to them in these locations.

-- AdrianPepper - 23 Sep 2011


Topic revision: r5 - 2011-09-29 - AdrianPepper
 