On 5/29/21 12:26 AM, Walter Dnes wrote:
Looking through them is "interesting". There seem to be a lot of /etc/ssl/certs/????????.0 files, where "?" is either a random number or a lower case letter.

They aren't random at all. They are a fingerprint (hash) of signing (?) certificates. The fingerprint is generated in a deterministic manner.

The sym-links (or hard links) are a convenient way to associate a hash back to the cert file that it's representing.

root@host# ln -s /path/to/cert /etc/ssl/certs/$(openssl x509 -noout -hash -in /path/to/cert).0
# the ".0" suffix is what OpenSSL looks for; use .1, .2, ... if another cert already has the same hash

The hash is what things validating things use. They have no good way to determine what the file name would be. So they compute and look up the hash.

You could name all the files with hashes. But that would make it quite annoying ~> difficult, impractical, bordering on impossible for a human to maintain. So, instead, the trusted root certificates are stored by a human friendly name and the hashes point to the file via a sym-link.

These all seem to be symlinks to /etc/ssl/certs/<Some_Name>.pem.

Quite likely.

Each of those files is in turn a symlink to /usr/share/ca-certificates/mozilla/<Some_Name>.crt.

Maybe / probably. Definitely for root certificates that are part of the Mozilla Security Suite. But it's definitely possible to have other root certificates through the same system. E.g. you run your own private / enterprise CA.

Any other suspicious regimes in there?

I'm confident that it depends on where you are in the world.

Let's keep things apolitical and purely technical.



--
Grant. . . .
unix || die
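
An added example (not from this thread) of how the hash.N link scheme described above is rebuilt for a whole directory, including the case where two certificates share a subject hash; the function names and the sample files are assumptions of this script, not anything from the list post.

```shell
#!/bin/sh
# Rebuild the hash -> certificate links the way c_rehash / openssl rehash does.
# Assumed layout: certificates live in DIR as *.pem and links are created in
# the same DIR as <subject_hash>.<N>, N starting at 0 and incrementing when
# two different certificates produce the same hash.

# next_free_suffix DIR HASH : print the smallest N for which DIR/HASH.N is absent
next_free_suffix() {
    dir=$1 hash=$2 n=0
    while [ -e "$dir/$hash.$n" ] || [ -L "$dir/$hash.$n" ]; do
        n=$((n + 1))
    done
    printf '%s\n' "$n"
}

# link_by_hash DIR CERTFILE HASH : create DIR/HASH.N -> basename(CERTFILE)
# unless a link to that file already exists; print the link name used.
link_by_hash() {
    dir=$1 cert=$2 hash=$3
    base=$(basename "$cert")
    # reuse an existing link that already points at this file (idempotent runs)
    for existing in "$dir/$hash".[0-9]*; do
        [ -L "$existing" ] || continue
        if [ "$(readlink "$existing")" = "$base" ]; then
            basename "$existing"
            return 0
        fi
    done
    n=$(next_free_suffix "$dir" "$hash")
    ln -s "$base" "$dir/$hash.$n"
    basename "$dir/$hash.$n"
}

# rehash_dir DIR : hash every *.pem in DIR with openssl (-subject_hash is the
# same value as the -hash option used above) and link each one under its hash.
rehash_dir() {
    dir=$1
    for cert in "$dir"/*.pem; do
        [ -f "$cert" ] || continue
        hash=$(openssl x509 -noout -subject_hash -in "$cert") || continue
        link_by_hash "$dir" "$cert" "$hash"
    done
}
```

Run `rehash_dir /etc/ssl/certs` as root to populate the links; the relative link targets keep the directory relocatable.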
