Re: Debian Policy about administrator X.509 certificate stores

To: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
Cc: Ben Hutchings <ben@decadent.org.uk>, 608719@bugs.debian.org, debian-policy@lists.debian.org, ca-certificates@packages.debian.org, Michael Shuler <michael@pbandjelly.org>
Subject: Re: Debian Policy about administrator X.509 certificate stores
From: Russ Allbery <rra@debian.org>
Date: Mon, 02 Apr 2012 09:48:18 -0700
Message-id: <[🔎] 87bona84h9.fsf@windlord.stanford.edu>
In-reply-to: <[🔎] 20120402094922.GE2453@yellowpig> (Bill Allombert's message of "Mon, 2 Apr 2012 11:49:22 +0200")
References: <20110102232038.30962.75433.reportbug@localhost.localdomain> <1332213241.8043.8.camel@deadeye> <4F681415.90701@fifthhorseman.net> <[🔎] 20120402094922.GE2453@yellowpig>

Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr> writes:

> Another issue is that no directories is provided for the system
> administrator to put their local certs. Of course they can use
> /etc/ssl/certs, but then the certs are drowned by the number.

ca-certificates supports putting local certificates into
/usr/local/share/ca-certificates, after which they're treated as trusted
certificates and linked into /etc/ssl/certs similar to how the
certificates in /usr/share/ca-certificates are handled.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Debian Policy about administrator X.509 certificate stores
  - From: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- Re: Debian Policy about administrator X.509 certificate stores
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>

References:
- Re: Debian Policy about administrator X.509 certificate stores [was: Re: dovecot-common: please do not use /etc/ssl/certs for end-entity X.509 certificates (/etc/ssl/certs/dovecot.pem)]
  - From: Bill Allombert <Bill.Allombert@math.u-bordeaux1.fr>

Prev by Date: Re: Debian Policy about administrator X.509 certificate stores [was: Re: dovecot-common: please do not use /etc/ssl/certs for end-entity X.509 certificates (/etc/ssl/certs/dovecot.pem)]
Next by Date: Re: Debian Policy about administrator X.509 certificate stores
Previous by thread: Re: Debian Policy about administrator X.509 certificate stores [was: Re: dovecot-common: please do not use /etc/ssl/certs for end-entity X.509 certificates (/etc/ssl/certs/dovecot.pem)]
Next by thread: Re: Debian Policy about administrator X.509 certificate stores
Index(es):
- Date
- Thread