[arch-general] The 284 files in /etc/ssl/certs? There must be a purpose...
David C. Rankin
drankinatty at suddenlinkmail.com
Tue Apr 28 01:55:55 EDT 2009
Aaron Griffin wrote:
> On Sun, Apr 26, 2009 at 11:44 PM, David C. Rankin
> <drankinatty at suddenlinkmail.com> wrote:
>> David C. Rankin wrote:
>>> Listmates,
>>>
>>> One thing I noticed when generating dovecot certs was the significant number
>>> of files in /etc/ssl/certs. What is the reason for/background of Arch's
>>> gathering of so many cert files, and is there some specific way we should make
>>> use of them? Are they just there for convenience? Are they current?
>>>
>> A bit more info:
>>
>> The reason I asked is that I'm not familiar with the certs Arch has collected
>> there, but I do deal with self-signed certificates a bit. If what's in the
>> /etc/ssl/certs directory will help me build a better certificate chain, I would
>> love to know about it.
>
> I have a feeling these are all from the ca-certificates package, which
> is from Debian:
> http://packages.qa.debian.org/c/ca-certificates.html
>
Aaron,
Thanks for the link. Checking further, it seems there isn't that much about
the ca-certs package on the debian site, basically your are just referred to
the securing-debian-howto (which has good information) but the total text on
the ca-certificates package is:
8.7 SSL Infrastructure
Debian does provide some SSL certificates with the distribution so that they
can be installed locally. They are found in the ca-certificates package. This
package provides a central repository of certificates that have been submitted
to Debian and approved (that is, verified) by the package maintainer, useful
for any OpenSSL applications which verify SSL connections.
I'm browsing through
http://www.linux.org/docs/ldp/howto/SSL-Certificates-HOWTO/index.html to see if
I can get a better handle on what the purpose of all the certs are for and what
can be done with them and then I'll look at the OpenSSL site for additional
info. If I get time, I'll do a short howto once I figure it out.
--
David C. Rankin, J.D.,P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
Telephone: (936) 715-9333
Facsimile: (936) 715-9339
www.rankinlawfirm.com
More information about the arch-general
mailing list