[systemd-devel] certificate and trust store feature for systemd

Barry Scott barry at barrys-emacs.org
Wed May 25 18:15:30 UTC 2022



> On 25 May 2022, at 14:06, SCOTT FIELDS <Scott.Fields at kyndryl.com> wrote:
> 
> I apologize for the very general inquiry.
>  
> Are there any plans to have system natively support its own trust store for items like CAs, x509 certs, passwords & truststores akin to the keychain in Windows and OS X?

But these are solved problems on modern Linux systems, aren't they?

At least with RHEL and Fedora they have trust store and keychains.

>  
> I still find the management of PKIs in /etc/pki to be problematic.

For my home network I have my own DNS domain and CA setup. It was easy to add the CA to
Fedora's trust store.

>  
> Having this available as a core service within systemd using like APIs either in (mostly deprecated) CAPI or the new CNG

Barry

>  
>  
> Scott Fields
> IBM/Kyndryl
> SRE – BNSF
> 817-593-5038 (BNSF)
> scott.fields at kyndryl.com <mailto:scott.fields at kyndryl.com>
> scott.fields at bnsf.com <mailto:scott.fields at bnsf.com>