[SAC] SSL Certificate Followup

Martin Spott Martin.Spott at mgras.net
Sun May 1 15:43:49 PDT 2016


On Fri, Apr 29, 2016 at 08:37:37PM -0700, Alex Mandel wrote:

> This needs to happen on:

LDAP - done


To me it looks like different and inconsistent variations from the
standard directory naming schema for SSL keys and certs are being used
on OSGeo infrastructure.  I've found certificates in at least:

  /etc/ssl/certs/  # the default
  /etc/ssl/crt/
  /etc/ssl/osgeo/
  /etc/ssl/certs/osgeo/

....  while the private keys are in:

  /etc/ssl/private/  # default


I think we should either stick to the default or create a consistent
derivative like:

  /etc/ssl/osgeo/certs/
  /etc/ssl/osgeo/private/
  ....

We might even consider negotiating on fixed filenames so we don't need
to change every config file every time  ;-)

Cheers,

	Martin.
-- 
 Unix _IS_ user friendly - it's just selective about who its friends are !
--------------------------------------------------------------------------


More information about the Sac mailing list