Where to put PKI keys?
James B. Byrne
byrnejb at harte-lyne.ca
Fri Dec 2 16:07:58 UTC 2016
FreeBSD-10.3 & 11.0
We operate a private CA for our firm and its employees. We are also
in the process of moving from CentOS to FreeBSD. My experience
therefore is mostly RHEL based Linux.
On post RHEL-5 based systems PKI certificates and keys are maintained
in a central store called '/etc/pki/'. This is sub-divided according
to need but the primary place to find things relating to ssl/tls is
'/etc/pki/tls/certs/' and '/etc/pki/tls/private/'.
FreeBSD seems to follow the principle that packagers themselves will
define where their packages' keys and certs are kept. Which is
entirely understandable. But I am accustomed to looking in one place
for this sort of stuff. I have searched for references to FreeBSD on
this subject and have not found much.
My question is: Is there a recommended directory structure for
FreeBSD pertaining to centralised PKI storage?
I realise that I can just create '/etc/pki/tls/' or
'/usr/local/etc/pki/tls/' and manage things idiosyncratically, but if
there is any existing convention covering this then I would like to
consider it. I note that '/usr/local/share/certs/' is used for the ca
bundle cert chain. Would '/usr/local/share/keys/' be considered an
acceptable place for keys?
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3