Re: [Nolug] Where do you put your SSL files?

From: Mark A. Hershberger <mah_at_everybody.org>
Date: Mon, 26 Nov 2007 16:29:15 -0500
Message-ID: <87k5o4wv9w.fsf@everybody.org>

Dustin Puryear <dustin@puryear-it.com> writes:

> 1. Putting all certs under a standardized location, e.g.,
> /usr/shared/ssl/certs/, and then just chown'ing and chmod'ing them for a
> little more security.

Yes, but I would suggest /etc/ssl/certs instead of anything under /usr.
As a general rule, files under /usr shouldn't be modified with
information local to the system.

> 2. Keeping them in application-specific areas.

Make symlinks!

> Also, how are you keeping track of cert expiration? We usually get
> emails from the SSL cert vendor about renewals, but..

If you have certs in one location, you can set up a cron job to just
scan the directory.

It is also possible to have Nagios check remotely-available SSL-enabled
services and warn when the cert is about to expire.

Mark.

-- 
http://hexmode.com/
GPG Fingerprint: 7E15 362D A32C DFAB E4D2  B37A 735E F10A 2DFC BFF5
The most beautiful experience we can have is the mysterious.
    -- Albert Einstein, The World As I See it
___________________
Nolug mailing list
nolug@nolug.org
Received on 11/26/07

This archive was generated by hypermail 2.2.0 : 12/19/08 EST
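
One way to write the cron-driven directory scan suggested in the message above, as an added example that is not part of the original post. The script name, schedule, `.pem`/`.crt` extensions and 30-day default are assumptions; it relies on cron mailing any output to the job owner.

```shell
#!/bin/sh
# Added example: report certificates in one directory that expire soon.
# Example crontab entry (script path and schedule are assumptions):
#   0 6 * * *  /usr/local/sbin/check-certs.sh /etc/ssl/certs 30
# cron mails whatever the job prints, so no output means nothing is due.

# scan_cert_dir DIR [DAYS]
# Prints one line per certificate that expires within DAYS days (already
# expired ones included) or that openssl cannot parse.
# Returns 1 if anything was reported, 0 otherwise.
scan_cert_dir() {
    dir=$1
    days=${2:-30}
    secs=$((days * 86400))
    status=0
    for f in "$dir"/*.pem "$dir"/*.crt; do
        # Skip unmatched globs and dangling symlinks; valid symlinks
        # from application directories are followed.
        [ -f "$f" ] || continue
        if ! end=$(openssl x509 -in "$f" -noout -enddate 2>/dev/null); then
            echo "UNREADABLE $f"
            status=1
        elif ! openssl x509 -in "$f" -noout -checkend "$secs" >/dev/null; then
            # -checkend exits non-zero when notAfter falls inside the window.
            echo "EXPIRING ${end#notAfter=} $f"
            status=1
        fi
    done
    return $status
}

# Run the scan only when called with arguments, e.g. from cron.
[ "$#" -eq 0 ] || scan_cert_dir "$@"
```

Private keys stored beside the certificates are ignored as long as they do not use the `.pem` or `.crt` extension; otherwise they show up as `UNREADABLE`.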