Date:      Mon, 9 Jan 2017 10:22:14 +0100
From:      Julien Cigar <julien@perdition.city>
To:        byrnejb@harte-lyne.ca
Cc:        freebsd-questions@freebsd.org
Subject:   Re: FreeBSD-11 Jails and PKI
Message-ID:  <20170109092213.GG15696@mordor.lan>
In-Reply-To: <d70f72266d2fb772296601c829e1d408.squirrel@webmail.harte-lyne.ca>
References:  <d70f72266d2fb772296601c829e1d408.squirrel@webmail.harte-lyne.ca>

On Fri, Jan 06, 2017 at 12:01:57PM -0500, James B. Byrne via freebsd-questions wrote:
> If I want to make a binary application available to all jails do I put
> it in /usr/jails/basejail/bin or somewhere else?  Or is this
> impossible?
>
> If possible then do such applications need to be statically linked?
>
> Similarly, given that I wish to maintain a common repository of pki
> keys and certificates that are shared between jails, do I place these
> in or under /usr/jails/basejail/usr/share/openssl/? or somewhere else?
> Or not at all and place them separately in each and every jail that
> requires TLS?
>
> The main issue I am dealing with is that we run a private PKI CA and
> need to add our root certificates to the ca-bundle after each update
> to  /usr/local/share/certs/ca-root-nss.crt.

You should manage this with a CMS (SaltStack, for example).

>
> --
> ***          e-Mail is NOT a SECURE channel          ***
>         Do NOT transmit sensitive data via e-Mail
>  Do NOT open attachments nor follow links sent by e-Mail
>
> James B. Byrne                mailto:ByrneJB@Harte-Lyne.ca
> Harte & Lyne Limited          http://www.harte-lyne.ca
> 9 Brockley Drive              vox: +1 905 561 1241
> Hamilton, Ontario             fax: +1 905 561 0757
> Canada  L8E 3C3
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org"

--
Julien Cigar
Belgian Biodiversity Platform (http://www.biodiversity.be)
PGP fingerprint: EEF9 F697 4B68 D275 7B11  6A25 B2BB 3710 A204 23C0
No trees were killed in the creation of this message.
However, many electrons were terribly inconvenienced.
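
The step described in the question (re-adding a private root certificate to `ca-root-nss.crt` after each update) can be made idempotent so that a configuration management run or a cron job can repeat it safely. The script below is an added example, not part of either message; the one-directory-per-jail layout, the marker comment line and the label argument are assumptions, and it relies on PEM readers ignoring text outside the BEGIN/END blocks.

```shell
#!/bin/sh
# Added example: re-add a private root CA to each jail's CA bundle, idempotently.
# Assumptions (not from the thread): one directory per jail under JAILS_DIR,
# and a marker comment line used to detect an earlier append.

BUNDLE_REL="usr/local/share/certs/ca-root-nss.crt"   # bundle path named in the thread

# ensure_ca_in_bundle BUNDLE CA_PEM LABEL
# Returns 0 if the bundle contains the CA afterwards, non-zero on bad input.
ensure_ca_in_bundle() {
    bundle=$1 ca=$2 label=$3
    marker="# local-ca: $label"
    [ -f "$bundle" ] && [ -r "$ca" ] || return 1
    # Accept only a PEM certificate; never copy key material into a bundle.
    grep -q '^-----BEGIN CERTIFICATE-----$' "$ca" || return 1
    if grep -q 'PRIVATE KEY-----' "$ca"; then return 1; fi
    # Marker still present (bundle not replaced since the last run): done.
    grep -qxF "$marker" "$bundle" && return 0
    # Build the new bundle beside the old one and rename it into place, so
    # TLS clients never read a half-written file.
    tmp="$bundle.tmp.$$"
    { cat "$bundle"; printf '\n%s\n' "$marker"; cat "$ca"; } > "$tmp" \
        || { rm -f "$tmp"; return 1; }
    # Assumed mode: world-readable, like a packaged CA bundle.
    chmod 0644 "$tmp" && mv -f "$tmp" "$bundle"
}

# sync_jails JAILS_DIR CA_PEM LABEL
# Prints the number of bundles that were changed on this run.
sync_jails() {
    changed=0
    for root in "$1"/*/; do
        b="$root$BUNDLE_REL"
        [ -f "$b" ] || continue            # jail without the bundle installed
        before=$(cksum < "$b")
        ensure_ca_in_bundle "$b" "$2" "$3" || continue
        [ "$before" = "$(cksum < "$b")" ] || changed=$((changed + 1))
    done
    echo "$changed"
}
```

A call such as `sync_jails /usr/jails /path/to/root-ca.pem corp-root` (placeholder certificate path and label) reports how many bundles had lost the certificate since the previous run.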



