Where to put PKI keys?

James B. Byrne byrnejb at harte-lyne.ca
Fri Dec 2 16:07:58 UTC 2016

FreeBSD-10.3 & 11.0

We operate a private CA for our firm and its employees.  We are also
in the process of moving from CentOS to FreeBSD.  My experience
therefore is mostly RHEL based Linux.

On post RHEL-5 based systems PKI certificates and keys are maintained
in a central store called '/etc/pki/'.  This is sub-divided according
to need but the primary place to find things relating to ssl/tls is
'/etc/pki/tls/certs/' and '/etc/pki/tls/private/'.

FreeBSD seems to follow the principal that packagers themselves will
define where their packages' keys and certs are kept.  Which is
entirely understandable.  But I am accustomed to looking in one place
for this sort of stuff.  I have searched for references to FreeBSD on
this subject and have not found much.

My question is:  Is there a recommended directory structure for
FreeBSD pertaining to centralised PKI storage?

I realise that I can just create '/etc/pki/tls/' or
'/usr/local/etc/pki/tls/' and manage things idiosyncratically, but if
their any existing convention covering this then I would like to
consider it.  I note that '/usr/local/share/certs/' is used for the ca
bundle cert chain. Would '/usr/local/share/keys/' be considered an
acceptable place for keys?

***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3

More information about the freebsd-questions mailing list