Shared System Certificates ready for Testing
Stef Walter
stefw at redhat.com
Thu Mar 21 12:40:56 UTC 2013
Hi all,
You can now try out the Shared System Certificates feature in Fedora 19.
The goal of this feature is to have nearly all crypto libraries use the
same default source for their trusted certificate authority anchors and
blacklist. Adding a new trusted certificate authority can now be done in
one place.
https://fedoraproject.org/wiki/Features/SharedSystemCertificates
Come and join us on the test day next week:
https://fedoraproject.org/wiki/Test_Day:2013-03-28_Shared_System_Certificates
The above links also contain documentation about the feature and how to
try it out (use the test cases).
This feature affects mainly TLS/SSL clients, and not servers. But it is
our expectation that both will continue to work as they had on Fedora 18
without modification.
Many servers have their own configured CA list (such as apache with
mod_ssl). This behavior has not changed.
What are the servers (or system services acting as SSL clients) that
rely on the system wide CA bundle? We'd like to check that they still
work, so if you have any to add to our list, please reply here (ideally
with a few details on how to test the service).
This is just one step on a road to sharing certificates and keys between
applications. It's been a long time in coming, and although this is just
the first step, we believe that it is useful.
Cheers,
Stef
More information about the devel
mailing list