If you’re referring to files in /etc/pki, that’s not a management API, like 
CAPI or CNG provides in Windows (and a like API in OSX).

There’s a keychain solution in Gnome (GNOME/Keyring) but not widely adopted 
that I’ve seen.

This just seems a good match to have available within systemd.

From: Barry Scott <ba...@barrys-emacs.org>
Sent: Wednesday, May 25, 2022 1:16 PM
To: SCOTT FIELDS <scott.fie...@kyndryl.com>
Cc: systemd-devel@lists.freedesktop.org
Subject: [EXTERNAL] Re: [systemd-devel] certificate and trust store feature for 
systemd




On 25 May 2022, at 14:06, SCOTT FIELDS <scott.fie...@kyndryl.com> wrote:

I apologize for the very general inquiry.

Are there any plans to have system natively support its own trust store for 
items like CAs, x509 certs, passwords & truststores akin to the keychain in 
Windows and OS X?

But these are solved problems on modern Linux systems aren't they?

At least with RHEL and Fedora they have trust store and keychains.



I still find the management of PKIs in /etc/pki to be problematic.

For my home network I have my own DNS domain and CA setup. It was easy to add 
the CA to
Fedora's trust store.



Having this available as a core service within systemd using like APIs either 
in (mostly deprecated) CAPI or the new CNG

Barry




Scott Fields
IBM/Kyndryl
SRE – BNSF
817-593-5038 (BNSF)
scott.fie...@kyndryl.com
scott.fie...@bnsf.com
