So, a little issue I see a lot is that SSL cert files seem to go
everywhere. I may see some under /var/shared/ssl/certs/, some under
application-specific directories (e.g., /etc/httpd/conf/ssl.*/,
/etc/ldap/), etc.
What are your thoughts on:
1. Putting all certs under a standardized location, e.g.,
/usr/shared/ssl/certs/, and then just chown'ing and chmod'ing them for a
little more security.
2. Keeping them in application-specific areas.
Also, how are you keeping track of cert expiration? We usually get
emails from the SSL cert vendor about renewals, but..
-- Puryear Information Technology, LLC Baton Rouge, LA * 225-706-8414 http://www.puryear-it.com Author, "Best Practices for Managing Linux and UNIX Servers" http://www.puryear-it.com/pubs/linux-unix-best-practices Identity Management, LDAP, and Linux Integration ___________________ Nolug mailing list nolug@nolug.orgReceived on 11/26/07
This archive was generated by hypermail 2.2.0 : 12/19/08 EST