Author: dj
Date: 2009-03-11 21:57:30 -0600 (Wed, 11 Mar 2009)
New Revision: 7801
Added:
trunk/BOOK/postlfs/security/rootcerts.xml
Modified:
trunk/BOOK/general.ent
trunk/BOOK/introduction/welcome/changelog.xml
trunk/BOOK/postlfs/config/config.xml
trunk/BOOK/postlfs/security/security.xml
Log:
Added Root Certificates page.
Modified: trunk/BOOK/general.ent
===================================================================
--- trunk/BOOK/general.ent 2009-03-10 23:54:13 UTC (rev 7800)
+++ trunk/BOOK/general.ent 2009-03-12 03:57:30 UTC (rev 7801)
@@ -3,7 +3,7 @@
$Date$
-->
-<!ENTITY day "05"> <!-- Always 2 digits -->
+<!ENTITY day "12"> <!-- Always 2 digits -->
<!ENTITY month "03"> <!-- Always 2 digits -->
<!ENTITY year "2009">
<!ENTITY copyrightdate "2001-&year;">
Modified: trunk/BOOK/introduction/welcome/changelog.xml
===================================================================
--- trunk/BOOK/introduction/welcome/changelog.xml 2009-03-10 23:54:13 UTC
(rev 7800)
+++ trunk/BOOK/introduction/welcome/changelog.xml 2009-03-12 03:57:30 UTC
(rev 7801)
@@ -42,6 +42,15 @@
-->
<listitem>
+ <para>March 12th, 2009</para>
+ <itemizedlist>
+ <listitem>
+ <para>[dj] - Added Root Certificates page.</para>
+ </listitem>
+ </itemizedlist>
+ </listitem>
+
+ <listitem>
<para>March 5th, 2009</para>
<itemizedlist>
<listitem>
Modified: trunk/BOOK/postlfs/config/config.xml
===================================================================
--- trunk/BOOK/postlfs/config/config.xml 2009-03-10 23:54:13 UTC (rev
7800)
+++ trunk/BOOK/postlfs/config/config.xml 2009-03-12 03:57:30 UTC (rev
7801)
@@ -58,5 +58,4 @@
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="autofs.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="netfs.xml"/>
-
</chapter>
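Review bot: The only change in this hunk is the removal of the blank line before </chapter>, which is unrelated to adding the Root Certificates page and is not mentioned in the log. Drop it from this commit, or commit it separately as a whitespace cleanup so the history of config.xml stays readable.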
Added: trunk/BOOK/postlfs/security/rootcerts.xml
===================================================================
--- trunk/BOOK/postlfs/security/rootcerts.xml (rev 0)
+++ trunk/BOOK/postlfs/security/rootcerts.xml 2009-03-12 03:57:30 UTC (rev
7801)
@@ -0,0 +1,51 @@
+<?xml version="1.0" encoding="ISO-8859-1"?>
+<!DOCTYPE sect1 PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+ <!ENTITY % general-entities SYSTEM "../../general.ent">
+ %general-entities;
+]>
+
+<sect1 id="postlfs-config-rootcerts" xreflabel="Root Certificates">
+ <?dbhtml filename="rootcerts.html"?>
+
+ <sect1info>
+ <othername>$LastChangedBy$</othername>
+ <date>$Date$</date>
+ </sect1info>
+
+ <title>Root Certificates</title>
+
+ <indexterm zone="postlfs-config-rootcerts">
+ <primary sortas="e-cabundle">ca-bundle.crt</primary>
+ </indexterm>
+
+ <para>The <filename>ca-bundle.crt</filename> file contains public
+ certificates from trusted root certificate authorities (CAs). CAs guarantee
+ the authenticity of a host by issuing certificates that contain both the name
+ of the host and the owner's name, and are signed using the CA's private key.
+ In turn, a matching public key is provided by the CA that can be used to
+ verify the authenticity of any SSL certificate that is signed by that CA. The
+ list of CA certificates (with public keys) included in ca-bundle.crt
+ are provided by mozilla.org, and undergo an annual investigation and
+ auditing process, so that they can be trusted for general use.</para>
+
+ <para>The list of certificates is stored in PEM format, and is generated from
+ a DER formatted file, <filename>certdata.txt</filename>, that ships with
+ Mozilla products. A <ulink
+
url="http://cvs.fedoraproject.org/viewvc/rpms/ca-certificates/devel/mkcabundle.pl?view=co">
+ script</ulink> provided by RedHat converts the upstream
+ <filename>certdata.txt</filename> from DER to PEM format, so that it is
+ usable by applications that utilize SSL/TLS encryption. Additional trusted
+ CAs can be added to the <filename>ca-bundle.crt</filename> by appending the
+ CA's public certificate (in PEM format) to the file.</para>
+
+ <para>Download a recent version of <ulink
+ url="&files-anduin;/ca-bundle.crt">ca-bundle.crt</ulink> and place it into
+ the <filename class="directory">/etc/ssl/certs</filename> directory and make
+ the file world readable by issuing the following commands as the
+ <systemitem class="username">root</systemitem> user:</para>
+
+<screen role="root"><userinput>install -v -d /etc/ssl/certs &&
+install -m644 ca-bundle.crt /etc/ssl/certs</userinput></screen>
+
+</sect1>
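Review bot: The download step at the end of the new page installs ca-bundle.crt into /etc/ssl/certs with no integrity check, even though this file is the trust anchor for every certificate verification the page describes. Publish a checksum or detached signature next to the &files-anduin; link and add a verification command ahead of the "install -m644 ca-bundle.crt /etc/ssl/certs" line, so that a tampered or truncated bundle is caught before it becomes trusted. The sentence about appending additional CAs has the same gap: it should tell the reader to confirm the certificate's fingerprint through a separate channel before appending it. Minor: the second mention of ca-bundle.crt in the first paragraph is not wrapped in <filename> like the others.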
Property changes on: trunk/BOOK/postlfs/security/rootcerts.xml
___________________________________________________________________
Name: svn:keywords
+ Date LastChangedBy
Modified: trunk/BOOK/postlfs/security/security.xml
===================================================================
--- trunk/BOOK/postlfs/security/security.xml 2009-03-10 23:54:13 UTC (rev
7800)
+++ trunk/BOOK/postlfs/security/security.xml 2009-03-12 03:57:30 UTC (rev
7801)
@@ -39,6 +39,7 @@
of critical files (defined by the administrator) and then regenerates those
"signatures" and compares for files that have been changed.</para>
+ <xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="rootcerts.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="openssl.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="gnutls.xml"/>
<xi:include xmlns:xi="http://www.w3.org/2003/XInclude" href="cracklib.xml"/>
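Review bot: The added xi:include places rootcerts.xml in the security chapter, but the section it pulls in declares id="postlfs-config-rootcerts" and uses the same value in its indexterm zone, so the id names a different chapter than the one the page lives in. Rename the id to match the security chapter in this commit, before other pages start pointing xrefs at it.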