Xhier Certificate Location

To see how this inclusion page fits in with similar ones, perhaps see one of

Certificate Location under Xhier

The great Xhier guru Patrick Matlock conceived that all applications configured under xhier should have a single location in which SSL certificates (and private keys) should be kept.

Therefore he created an sslCerts xhier package (which has had an only version sslCerts-1) under which certificates should be stored.

On xhiered systems, certificates should be placed in

and software configured to reference them from there.

Similarly private keys should be put in

with configuration set appropriately.

Note that, although one suspects the idea was that directory should be mode 700, it now tends to be 711 or worse, so you should make sure the individual files are not readable by world or inappropriate groups. (The search permission may be designed to allow daemons running as non-root to access individual key files?)

An automated process, part of the sslCerts packages, makes sure

contains the OrganizationSSL certificate.

Actually, I'm not certain IST updated the automated process when the intermediate certificate changed in 2011.

In general, xhiered software which requires certificates will by default refer to them in these locations.

-- AdrianPepper - 23 Sep 2011



This topic IncludeCertLocationXhier is referred to by...
Edit | Attach | Watch | Print version | History: r5 < r4 < r3 < r2 < r1 | Backlinks | Raw View | WYSIWYG | More topic actions
Topic revision: r5 - 2011-09-29 - AdrianPepper
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2021 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback