[CentOS] What is a client certificate?

Timothy Murphy

gayleard at alice.it
Fri Oct 24 15:43:20 UTC 2014


A very ignorant question, sans doute.

I get my certificates from cacert.org, to whom I am very grateful.
I follow what I take to be the official procedure,
first creating <server>.key and <server>.csr on my server
and then getting <server>.crt by going to Server Certificate=>New
at the cacert site.

I then place the key certificate *.key in /etc/pki/tls/private/
and what I call the client certificate *.crt in /etc/pki/tls/certs/ .

But I notice that at www.cacert.org there is
a Client Certificate folder as well as the Server Certificate folder,
and it seems that one can create a "client certificate" there.

My question is: what is the purpose of this second client certificate?

And while I am on the topic, what are the recommended file permissions
for PKI certificates?
I was a little surprised to find my <server>.key has permission 640,
while <server>.crt has permission 644.
The folder /etc/pki/tls/private/ on my server
does not seem to have any special security;
it is owned by root but can be opened and listed by anybody.
Is that the recommended setup?

-- 
Timothy Murphy  
e-mail: gayleard /at/ eircom.net
School of Mathematics, Trinity College, Dublin 2, Ireland
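
The permission check the message describes for /etc/pki/tls/private/, written out as an added example that is not part of the original post. It reports, from mode bits alone, which keys and directories are reachable by group or other users; the function names, the sample file names and the 755 directory mode in `demo` are constructed for illustration.

```shell
#!/bin/sh
# Added example: report who can reach private keys, from mode bits only.
# Usage on a real host: audit_key_dir /etc/pki/tls/private

# Octal mode of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_key_dir DIR: print one finding per line for DIR and its *.key files.
# Returns 1 if anything is reachable by "other" users, else 0.
audit_key_dir() {
    dir=$1
    world=0
    m=$(mode_of "$dir")
    # r on a directory lets others list names; x lets them open files in it.
    if [ $((0$m & 4)) -ne 0 ]; then
        echo "world-listable $m $dir"; world=1
    fi
    if [ $((0$m & 1)) -ne 0 ]; then
        echo "world-traversable $m $dir"; world=1
    fi
    for f in "$dir"/*.key; do
        [ -f "$f" ] || continue
        m=$(mode_of "$f")
        if [ $((0$m & 4)) -ne 0 ]; then
            echo "world-readable $m $f"; world=1
        elif [ $((0$m & 040)) -ne 0 ]; then
            # Exposure here depends on which accounts are in the file's group.
            echo "group-readable $m $f"
        fi
    done
    [ "$world" -eq 0 ]
}

# Constructed sample: a key with the 640 mode quoted in the post, in a
# directory assumed to be 755, plus a 644 key and a 600 key for contrast.
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/server.key"; : > "$d/leaky.key"; : > "$d/tight.key"
    chmod 755 "$d"; chmod 640 "$d/server.key"
    chmod 644 "$d/leaky.key"; chmod 600 "$d/tight.key"
    audit_key_dir "$d" | sed "s|$d|DIR|"
    rm -rf "$d"
}
```

A key at mode 640 is reported as group-readable rather than as a world finding, so the result has to be read together with the file's group ownership (`ls -l`).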




