Aaron Griffin wrote:
On Sun, Apr 26, 2009 at 11:44 PM, David C. Rankin <drankinatty@suddenlinkmail.com> wrote:
David C. Rankin wrote:
Listmates,
One thing I noticed when generating dovecot certs was the significant number of files in /etc/ssl/certs. What is the reason for/background of Arch's gathering of so many cert files, and is there some specific way we should make use of them? Are they just there for convenience? Are they current?
A bit more info:
The reason I asked is that I'm not familiar with the certs Arch has collected there, but I do deal with self-signed certificates a bit. If what's in the /etc/ssl/certs directory will help me build a better certificate chain, I would love to know about it.
I have a feeling these are all from the ca-certificates package, which is from Debian: http://packages.qa.debian.org/c/ca-certificates.html
Aaron, Thanks for the link. Checking further, it seems there isn't that much about the ca-certs package on the debian site, basically your are just referred to the securing-debian-howto (which has good information) but the total text on the ca-certificates package is: 8.7 SSL Infrastructure Debian does provide some SSL certificates with the distribution so that they can be installed locally. They are found in the ca-certificates package. This package provides a central repository of certificates that have been submitted to Debian and approved (that is, verified) by the package maintainer, useful for any OpenSSL applications which verify SSL connections. I'm browsing through http://www.linux.org/docs/ldp/howto/SSL-Certificates-HOWTO/index.html to see if I can get a better handle on what the purpose of all the certs are for and what can be done with them and then I'll look at the OpenSSL site for additional info. If I get time, I'll do a short howto once I figure it out. -- David C. Rankin, J.D.,P.E. Rankin Law Firm, PLLC 510 Ochiltree Street Nacogdoches, Texas 75961 Telephone: (936) 715-9333 Facsimile: (936) 715-9339 www.rankinlawfirm.com