SSL TLS on Fedora Core 4

Things have changed a bit with Fedora Core 4 : everything related to security (SSL, HTTPS) and certificates is under /etc/pki/. There you will find /etc/pki/tls/openssl.cnf openSSL config file and the very usefull CA.pl script in /etc/pki/tls/misc/CA.

Creating a new certificate for your domain is as easy as CA -newca ; CA -newreq ; CA -sign and you are almost done.

If you look at /etc/httpd/conf.d/ssl.conf, you will see where to put your files according to the new layout.

  • The PEM encoded server certificate (if encrypted you will be prompted for the password) : SSLCertificateFile : /etc/pki/tls/certs/localhost.crt
  • The Server Private Key : SSLCertificateKeyFile : /etc/pki/tls/private/localhost.key

For proFTPd, the configuration isn’t updated, nor even coherent. In /etc/proftpd.conf, they are in /usr/share/ssl/certs/ and in the documentation, in /etc/ftpd/ !

I am not sure if it is “good” to have an executable script in /etc/, if someone can explain or link to the rational behind this, thanks in advance.

I wonder if Linux will reach some FSH somedays ?

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: