server certificates/key pairs and CA directories

To: debian-devel@lists.debian.org
Subject: server certificates/key pairs and CA directories
From: Daniel Pocock <daniel@pocock.pro>
Date: Fri, 03 Jul 2015 11:09:23 +0200
Message-id: <[🔎] 55965143.1070103@pocock.pro>


Hi all,

There has been some discussion in the past about CA certificates and
server certificate/key locations in /etc

I'd like to ensure that the RTC Quick Start Guide[1] is giving people
accurate instructions about where to create their private key and server
certificate files on a Debian host.

I couldn't find a specific policy on how it is currently supposed to be
managed, although there are a few proposals on the wiki:

  https://wiki.debian.org/X.509
  https://wiki.debian.org/SslCertificateHandling

I looked at the package ssl-cert to try and understand and there I found
that it is using /etc/ssl/certs for server certs while other packages
trust that directory as a store of root certs, I opened a bug[2] for that.

Can anybody refer me to any document that describes the current
situation, whether it is in a policy document, wiki or mailing list archive?

Is anybody currently working on improving this situation?

Regards,

Daniel


1. http://rtcquickstart.org/guide/multi/tls-install-certificate.html
2. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=790943

Reply to:

Follow-Ups:
- Re: server certificates/key pairs and CA directories
  - From: Thorsten Glaser <t.glaser@tarent.de>

Prev by Date: Bug#790933: ITP: drive - Google Drive tool
Next by Date: Bug#790971: ITP: ruby-redis-actionpack -- Redis session store for ActionPack
Previous by thread: Re: Bug#790933: ITP: drive - Google Drive tool
Next by thread: Re: server certificates/key pairs and CA directories
Index(es):
- Date
- Thread