Bug#790943: Root and local certificate location clash

To: 790943@bugs.debian.org
Subject: Bug#790943: Root and local certificate location clash
From: Sergey Ponomarev <stokito@gmail.com>
Date: Wed, 8 Jun 2022 19:22:09 +0300
Message-id: <[🔎] CADR0UcVxnXwVrYUvWiRsLjs54Xsk-t+vrRhFkVTU2SQmCf1kPA@mail.gmail.com>
Reply-to: Sergey Ponomarev <stokito@gmail.com>, 790943@bugs.debian.org
References: <55964E56.9030500@pocock.pro>

You made a very good investigation on the topic.

I agree that a public cert shouldn't be placed into the same folder as
CA certs. There is some mention of a weird bug
https://serverfault.com/a/840191/442430
Instead I think that both private key and cert should be merged into a
one file and placed into /etc/ssl/private/.
It looks like there were a lot of discussions but we didn't come to a
single agreement about the place to store certs and how to manage
them.
Please read my proposition here
https://github.com/certbot/certbot/issues/1425#issuecomment-1150116062
I'll appreciate any feedback.

Regards,
Sergey Ponomarev, stokito.com

Reply to:

Prev by Date: Bug#1012513: apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556
Next by Date: Bug#1012513: apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556
Previous by thread: Bug#1012513: marked as done (apache2: CVE-2022-31813 CVE-2022-26377 CVE-2022-28614 CVE-2022-28615 CVE-2022-29404 CVE-2022-30522 CVE-2022-30556)
Next by thread: Processed: tagging 1012513, found 1012513 in 2.4.53-2
Index(es):
- Date
- Thread