FreeBSD-11 Jails and PKI

Julien Cigar julien at perdition.city
Mon Jan 9 09:22:27 UTC 2017


On Fri, Jan 06, 2017 at 12:01:57PM -0500, James B. Byrne via freebsd-questions wrote:
> If I want to make a binary application available to all jails do I put
> it in /usr/jails/basejail/bin or somewhere else?  Or is this
> impossible?
> 
> If possible then do such applications need to be statically linked?
> 
> Similarly, given that I wish to maintain a common repository of pki
> keys and certificates that are shared between jails, do I place these
> in or under /usr/jails/basejail/usr/share/openssl/? or somewhere else?
> Or not at all and place them separately in each and every jail that
> requires TLS?
> 
> The main issue I am dealing with is that we run a private PKI CA and
> need to add our root certificates to the ca-bundle after each update
> to  /usr/local/share/certs/ca-root-nss.crt.

you should manage this with a CMS (Saltstack for example)

> 
> -- 
> ***          e-Mail is NOT a SECURE channel          ***
>         Do NOT transmit sensitive data via e-Mail
>  Do NOT open attachments nor follow links sent by e-Mail
> 
> James B. Byrne                mailto:ByrneJB at Harte-Lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
> 
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"

-- 
Julien Cigar
Belgian Biodiversity Platform (http://www.biodiversity.be)
PGP fingerprint: EEF9 F697 4B68 D275 7B11  6A25 B2BB 3710 A204 23C0
No trees were killed in the creation of this message.
However, many electrons were terribly inconvenienced.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20170109/44092008/attachment.sig>


More information about the freebsd-questions mailing list