Greetings all,

I am new to openssl and just joined this list. I've spent the last week
reading the man pages, READMEs, INSTALLs, and every HOW-TO I can find
regarding openssl and the apps I want to secure. I'm still a bit confused
however, and am having some troubles. I certainly don't want all the
answers, as I really do want to understand this fully, but I do have some
foundational questions I'd like to get answers to if you'd be so kind.

Thank you in advance :)

In my setup, I installed openssl to /usr/local/ssl. In that dir there is a
/certs directory which is empty. However, in my source dir
/usr/local/src/openssl-0.9.7b/certs/ there are over 20 .pem files (and their
associated hashes) which look to be the trusted root certificates. Should
those be copied to /usr/local/ssl/certs, or remain where they are?

Also, when applications such as Apache and Sendmail are compiled with
openssl, does the openssl library know to look in the original source area for
those certs even though I've told those apps that the openssl libs are in
/usr/local/ssl?

I'm hesitant to start giving read access to all the applications' "run as"
users to the ssl directories. Consequently, I'm wondering whether the openssl
libs have root access even though Apache might be running as "nobody"? Or,
do I duplicate all the certs in each app's respective directories? Or even,
do I create a new user id for all of those apps to run as so that I can
grant access to a common directory? How's this normally handled by yourself
and others?

Thank you,
Dann Daggett

______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    [EMAIL PROTECTED]
Automated List Manager                           [EMAIL PROTECTED]
