NTS: config and initialization

[Gary E. Miller]

Yo Hal!

On Thu, 07 Mar 2019 22:54:45 -0800
Hal Murray via devel <devel at ntpsec.org> wrote:

> > Let us not call it the "cookie key", lets use the terminology of
> > the RFC.   
> 
> Please suggest a file name.

Just for grins: /usr/local/etc/ntp/keys.conf

> >> I'm assuming that the system defaults will cover 99+% of the normal
> >> cases.  I don't have to do anything special for my browser to
> >> work.  
> > Because your browser includes its own cert store!  Or it was
> > customized for your distro.  There is no "normal" case.   
> 
> I assume the distro provides a reasonable collection of trusted root 
> certificates.  It's not only my browser that just works, but also
> other browsers and lynx and curl and I don't know what else.
> 
> I don't plan to duplicate that effort.  Do you want to?
> 
> On Fedora, it's the ca-certificates package.

Which tells me nothing about how you find those certs.  Also says nothing
about other copies.

Where do they get installed?

On Gentoo one copy is in:
	/etc/ssl/certs/

Let's Encrypt also puts stuff here:
	/etc/letsencrypt/{keys,live}/

Sendmail uses:
	/etc/mail/certs

Ruby gems puts them here:
	/usr/lib64/ruby/site_ruby/2.6.0/rubygems/ssl_certs/index.rubygems.org/

Another copy for lxd here:
    /var/lib/lxd/containers/armorplated-fay/rootfs/etc/ssl/certs/

Is /etc/ssl/certs somewhat standard?  at least for the root certs?

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
	gem at rellim.com  Tel:+1 541 382 8588

	    Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 851 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ntpsec.org/pipermail/devel/attachments/20190308/8af3c433/attachment.bin>