On Saturday, July 05, 2014 23:11:08 Gary Mort wrote:
> All the various practices of the root CAs have annoyed me to no end.
>
> I'm wondering if there is a relatively good way to configure my keyring
> so I can control it.
>
> If I delete the default keystores or reconfigure specific application
> keychain configurations, they frequently get rewritten during
> application upgrades.

Debian (and hopefully Debian-based distros) can do this, but I believe whether the option shows up /during upgrades/ depends on the 'priority level' setting for the 'debconf' package. Have a look at the documentation that comes with the 'ca-certificates' package, which will point to trying 'dpkg-reconfigure ca-certificates'. Unfortunately it doesn't discuss the debconf 'priority level' setting concerning having these options come up during upgrades of the ca-certificates package.

> It looks like most apps can be configured to hook into my gnome-keychain
> - so I'm thinking that rather than try to delete extraneous keys from
> the various files they are squirrelled in - it might be easier to simply
> maintain a database of revoked certificates and revoke all the roots.
> Is there any easy to use utility for this, or do I just need to roll my own?

The ca-certificates package takes the installed and activated CA keys and makes a 'bundle' of them as one big certificate file in /etc/ssl/certs/ (I think the file is 'ca-certificates.crt') and I believe this is the file that applications use by default (though I believe not all applications use all of the keys in that keyfile, as there is a separate section of the keys for Mozilla/ vs others).

You could still roll-your-own, but it might be tricky as to how to make the result system-wide and yet not clash with what the ca-certificates package does.

  -- Chris

--
Chris Knadle
[email protected]
_______________________________________________
Mid-Hudson Valley Linux Users Group http://mhvlug.org
https://mhvlug.org/cgi-bin/mailman/listinfo/mhvlug
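
One way to keep control of the list that 'ca-certificates' activates is to regenerate its selection file from a local allowlist. The script below is an added example, not part of the original message or of the ca-certificates package. It assumes the selection file is /etc/ca-certificates.conf with one certificate path per line (relative to /usr/share/ca-certificates), a leading "!" meaning deselected and "#" meaning a comment; the certificate names in the sample are constructed placeholders.

```python
# Added example: deselect every CA in Debian's ca-certificates.conf that is
# not on a local allowlist. Assumed file format: one certificate path per line
# (relative to /usr/share/ca-certificates), "!" prefix = deselected, "#" = comment.

# Constructed sample input; these certificate names are placeholders.
SAMPLE_CONF = """\
# This file lists certificates that you wish to use or to ignore
mozilla/Example_Root_A.crt
mozilla/Example_Root_B.crt
!mozilla/Example_Root_C.crt
local/My_Own_CA.crt
"""

# Constructed allowlist; Example_Root_Z is deliberately absent from the conf.
SAMPLE_ALLOW = {"mozilla/Example_Root_A.crt", "local/My_Own_CA.crt",
                "mozilla/Example_Root_Z.crt"}


def apply_allowlist(conf_text, allowed):
    """Return (new_conf_text, report); only allowlisted entries stay selected."""
    allowed = set(allowed)
    out, enabled, disabled = [], [], []
    for line in conf_text.splitlines():
        entry = line.strip()
        if not entry or entry.startswith("#"):
            out.append(line)            # keep comments and blank lines as-is
            continue
        name = entry[1:] if entry.startswith("!") else entry
        if name in allowed:
            out.append(name)            # select (drops any existing "!")
            enabled.append(name)
        else:
            out.append("!" + name)      # deselect everything else
            disabled.append(name)
    # Allowlisted names with no matching line: renamed or no longer shipped.
    report = {"enabled": enabled, "disabled": disabled,
              "missing": sorted(allowed - set(enabled))}
    return "\n".join(out) + "\n", report


if __name__ == "__main__":
    new_conf, report = apply_allowlist(SAMPLE_CONF, SAMPLE_ALLOW)
    print(new_conf, end="")
    for key, names in report.items():
        print(f"{key}: {', '.join(names) or '-'}")
```

After the result is written to /etc/ca-certificates.conf, running 'update-ca-certificates' rebuilds the bundle in /etc/ssl/certs/. Re-running the script after a package upgrade deselects any entries the upgrade added, and the "missing" list shows allowlisted certificates that no longer have a line in the file.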
