Yo Hal! On Thu, 07 Mar 2019 22:54:45 -0800 Hal Murray via devel <devel@ntpsec.org> wrote:
> > Let us not call it the "cookie key", lets use the terminology of
> > the RFC.
>
> Please suggest a file name.
Just for grins: /usr/local/etc/ntp/keys.conf
> >> I'm assuming that the system defaults will cover 99+% of the normal
> >> cases. I don't have to do anything special for my browser to
> >> work.
> > Because your browser includes its own cert store! Or it was
> > customized for your distro. There is no "normal" case.
>
> I assume the distro provides a reasonable collection of trusted root
> certificates. It's not only my browser that just works, but also
> other browsers and lynx and curl and I don't know what else.
>
> I don't plan to duplicate that effort. Do you want to?
>
> On Fedora, it's the ca-certificates package.
Which tells me nothing about how you find those certs. Also says nothing
about other copies.
Where do they get installed?
On Gentoo one copy is in:
/etc/ssl/certs/
Let's Encrypt also puts stuff here:
/etc/letsencrypt/{keys,live}/
Sendmail uses:
/etc/mail/certs
Ruby gems puts them here:
/usr/lib64/ruby/site_ruby/2.6.0/rubygems/ssl_certs/index.rubygems.org/
Another copy for lxd here:
/var/lib/lxd/containers/armorplated-fay/rootfs/etc/ssl/certs/
Is /etc/ssl/certs somewhat standard? at least for the root certs?
RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
g...@rellim.com Tel:+1 541 382 8588
Veritas liberabit vos. -- Quid est veritas?
"If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpQFdgH07MHv.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
