Public Key Infrastructure (PKI) =============================== Hosts ----- Host certificates can be either self-signed or signed by a CA. The private key can be either embedded into the same file as the certificate or in a separate file. The simplest form is a self-signed certificate with null-password embedded key. Beware that passwords for host certificates usually means you will need to manually start the services. Self-signed host certificates contain both certificate and key in same file. The file is placed in /etc/ssl/certs/ named by the service it provides appended ".pem". CA signed host certificates have separate public (certificate) and private (key) parts. The certificate is located as with self-signed ones, and keys are placed in /etc/ssl/private/ named similarly. The script /usr/share/local/localmksslcerts can be used to make self-signed certificates with embedded keys. Certificates should be chmod'ed 0444 and keys 0400. Certificate Authority --------------------- CA Certificates are divided in a public certificate and a private key. The CA certificate is placed in /etc/ssl/certs/ and named loosely by the CN of the organisation using digits [a-zA-Z0-9_-], appended "_CA.crt". Example: IT_guide_dr_Jones_CA.pem CA key is located in /etc/ssl/private/ equally named. Certificate is symlinked to "/etc/ssl/certs/cacert.pem" for easy locating by scripts. More info here: http://tirian.magd.ox.ac.uk/~nick/openssl-certs/ca.shtml Read here about confusion between commercial CAs and actual security: http://www.counterpane.com/pki-risks.html Like with hosts, certificates should be chmod'ed 0444 and keys 0400. Users ----- Have a look at this web page: http://www.cise.ufl.edu/help/secure-access/ssl-mail-setup.shtml The script is at /usr/share/local/mycert, adapted to Debian GNU/Linux. -- $Id: Certificates.txt,v 1.3 2002-12-31 02:31:21 jonas Exp $ 932.i919Wk22060119@opendk.veriovps.co.uk/inbox'>
path: root/tags/80/ef/200410010932.i919Wk22060119@opendk.veriovps.co.uk/inbox
diff options
context:
space:
mode:
Diffstat (limited to 'tags/80/ef/200410010932.i919Wk22060119@opendk.veriovps.co.uk/inbox')
-rw-r--r--tags/80/ef/200410010932.i919Wk22060119@opendk.veriovps.co.uk/inbox0
1 files changed, 0 insertions, 0 deletions
-nan%;'/>
-rw-r--r--tags/af/bb/20141026203829.15411.63399@bastian.jones.dk/debian0
-rw-r--r--tags/af/bb/20141026203829.15411.63399@bastian.jones.dk/jones0
-rw-r--r--tags/af/bb/20141026203829.15411.63399@bastian.jones.dk/sent0
-rw-r--r--tags/af/bb/20141026203829.15411.63399@bastian.jones.dk/signed0
-rw-r--r--tags/af/bb/20170314110002.6C0D4587@lxp5.free-owl.de/sys0
-rw-r--r--tags/af/bb/20170314110002.6C0D4587@lxp5.free-owl.de/unread0
-rw-r--r--tags/af/bb/20180507030219.1393A1C179@jawa.homebase.dk/hb0
-rw-r--r--tags/af/bb/20180507030219.1393A1C179@jawa.homebase.dk/sys0
-rw-r--r--tags/af/bb/20180507030219.1393A1C179@jawa.homebase.dk/unread0
-rw-r--r--tags/af/bb/2072450285.625786.1476476749820@mail.yahoo.com/attachment0
-rw-r--r--tags/af/bb/2072450285.625786.1476476749820@mail.yahoo.com/inbox0
-rw-r--r--tags/af/bb/2072450285.625786.1476476749820@mail.yahoo.com/old0
-rw-r--r--tags/af/bb/E1je2nM-000G6k-6g@fasolo.debian.org/debian0
-rw-r--r--tags/af/bb/E1je2nM-000G6k-6g@fasolo.debian.org/inbox0
-rw-r--r--tags/af/bb/E1je2nM-000G6k-6g@fasolo.debian.org/killed0
-rw-r--r--tags/af/bb/E1je2nM-000G6k-6g@fasolo.debian.org/unread0
-rw-r--r--tags/af/bb/YGdPsRSnFuIwwrD0@taz.net.au/debian0
-rw-r--r--tags/af/bb/YGdPsRSnFuIwwrD0@taz.net.au/unread0
-rw-r--r--tags/af/bb/handler.929243.D929243.15979787183348.ackdone@bugs.debian.org/debian0
-rw-r--r--tags/af/bb/handler.929243.D929243.15979787183348.ackdone@bugs.debian.org/killed0
-rw-r--r--tags/af/bb/handler.929243.D929243.15979787183348.ackdone@bugs.debian.org/unread0
24 files changed, 0 insertions, 0 deletions