FreeBSD-11 Jails and PKI
James B. Byrne
byrnejb at harte-lyne.ca
Fri Jan 6 17:02:07 UTC 2017
If I want to make a binary application available to all jails do I put
it in /usr/jails/basejail/bin or somewhere else? Or is this
impossible?
If possible then do such applications need to be statically linked?
Similarly, given that I wish to maintain a common repository of pki
keys and certificates that are shared between jails, do I place these
in or under /usr/jails/basejail/usr/share/openssl/? or somewhere else?
Or not at all and place them separately in each and every jail that
requires TLS?
The main issue I am dealing with is that we run a private PKI CA and
need to add our root certificates to the ca-bundle after each update
to /usr/local/share/certs/ca-root-nss.crt.
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
More information about the freebsd-questions
mailing list