So, a little issue I see a lot is that SSL cert files seem to go everywhere. I may see some under /var/shared/ssl/certs/, some under application-specific directories (e.g., /etc/httpd/conf/ssl.*/, /etc/ldap/), etc.
What are your thoughts on:

1. Putting all certs under a standardized location, e.g., /usr/shared/ssl/certs/, and then just chown'ing and chmod'ing them for a little more security.
2. Keeping them in application-specific areas.

Also, how are you keeping track of cert expiration? We usually get emails from the SSL cert vendor about renewals, but..

--
Puryear Information Technology, LLC
Baton Rouge, LA * 225-706-8414
http://www.puryear-it.com

Author, "Best Practices for Managing Linux and UNIX Servers"
http://www.puryear-it.com/pubs/linux-unix-best-practices

Identity Management, LDAP, and Linux Integration
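One way to track expiry across scattered certificate directories and to spot loosely permissioned keys, as an added example that is not part of the original post. It assumes the `openssl` command-line tool is installed and that certificates and keys use the file suffixes shown; the script name in the usage comment is hypothetical.

```shell
#!/bin/sh
# Added example, not from the original post. Suffixes below are assumptions.

# cert_status FILE DAYS: print OK, EXPIRING or UNREADABLE.
cert_status() {
    window=$(( $2 * 86400 ))
    # Keys, CSRs and other non-certificate files fail to parse.
    if ! openssl x509 -in "$1" -noout >/dev/null 2>&1; then
        echo UNREADABLE
    # -checkend exits non-zero if the cert expires within the window.
    elif openssl x509 -in "$1" -noout -checkend "$window" >/dev/null 2>&1; then
        echo OK
    else
        echo EXPIRING
    fi
}

# cert_report DAYS DIR...: one "status<TAB>notAfter<TAB>path" line per cert.
# Returns 1 if any certificate is EXPIRING, so a cron job can alert on it.
cert_report() {
    days=$1; shift
    list=$(mktemp) || return 2
    find "$@" -type f \( -name '*.pem' -o -name '*.crt' -o -name '*.cer' \) \
        >"$list" 2>/dev/null
    rc=0
    while IFS= read -r f; do
        status=$(cert_status "$f" "$days")
        if [ "$status" != UNREADABLE ]; then
            end=$(openssl x509 -in "$f" -noout -enddate | cut -d= -f2)
            printf '%s\t%s\t%s\n' "$status" "$end" "$f"
            if [ "$status" = EXPIRING ]; then rc=1; fi
        fi
    done <"$list"
    rm -f "$list"
    return "$rc"
}

# loose_keys DIR...: list private keys readable by group or others.
loose_keys() {
    find "$@" -type f -name '*.key' \( -perm -040 -o -perm -004 \) 2>/dev/null
}

# Usage: sh certcheck.sh DAYS DIR...
if [ "$#" -ge 2 ]; then
    n=$1; shift
    cert_report "$n" "$@"; rc=$?
    loose_keys "$@"
    exit "$rc"
fi
```

Because the directories are arguments, the same report works whether certificates are consolidated in one location or left in application-specific paths.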
