FreeBSD-11 Jails and PKI
Julien Cigar
julien at perdition.city
Mon Jan 9 09:22:27 UTC 2017
On Fri, Jan 06, 2017 at 12:01:57PM -0500, James B. Byrne via freebsd-questions wrote:
> If I want to make a binary application available to all jails do I put
> it in /usr/jails/basejail/bin or somewhere else? Or is this
> impossible?
>
> If possible then do such applications need to be statically linked?
>
> Similarly, given that I wish to maintain a common repository of pki
> keys and certificates that are shared between jails, do I place these
> in or under /usr/jails/basejail/usr/share/openssl/? or somewhere else?
> Or not at all and place them separately in each and every jail that
> requires TLS?
>
> The main issue I am dealing with is that we run a private PKI CA and
> need to add our root certificates to the ca-bundle after each update
> to /usr/local/share/certs/ca-root-nss.crt.
you should manage this with a CMS (Saltstack for example)
>
> --
> *** e-Mail is NOT a SECURE channel ***
> Do NOT transmit sensitive data via e-Mail
> Do NOT open attachments nor follow links sent by e-Mail
>
> James B. Byrne mailto:ByrneJB at Harte-Lyne.ca
> Harte & Lyne Limited http://www.harte-lyne.ca
> 9 Brockley Drive vox: +1 905 561 1241
> Hamilton, Ontario fax: +1 905 561 0757
> Canada L8E 3C3
>
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
--
Julien Cigar
Belgian Biodiversity Platform (http://www.biodiversity.be)
PGP fingerprint: EEF9 F697 4B68 D275 7B11 6A25 B2BB 3710 A204 23C0
No trees were killed in the creation of this message.
However, many electrons were terribly inconvenienced.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20170109/44092008/attachment.sig>
More information about the freebsd-questions
mailing list