Hi,
here is a more detailed list and my next proposal for a new structure.
.../ca
.../ca/stuff
# cacert.pem
.../ca/chain
# ca-cert's chain
.../ca/private
# private key
.../ca/dB
# DBM-Files
.../ca/p12
# p12-files from scripts
.../ca/tmp
# tmp-directory (protection against sym-link attacks)
.../ca/inbound
.../ca/inbound/reqs
.../ca/inbound/misc
# for import (unused in 0.9 except from mail on RAServer)
.../ca/outbound
.../ca/outbound/crl
.../ca/outbound/certs
.../ca/outbound/mail
.../ca/outbound/misc
.../ca/outbound/ca
# for export (unused in 0.9 except from mail on CA)
.../ca/conf
.../ca/conf/misc
# empty
.../ca/conf/openssl
.../ca/conf/openssl/extfiles
.../ca/conf/openssl/openssl
# openssl
.../ca/conf/rbac
.../ca/conf/rbac/modules
.../ca/conf/rbac/operations
.../ca/conf/rbac/rights
.../ca/conf/rbac/roles
.../ca/conf/rbac/scripts
# RBAC-Configuration
I would propose the following:
.../etc/crypto (ca-certs, key, chain, perhaps last crl, serial,
index.txt)
.../etc/(conf/)openssl
.../etc/(conf/)rbac
.../etc/(conf/)cgi (DB.conf, DBI.conf, ca.conf, raserver.conf,
public.conf)
.../var/db
.../var/mail
.../var/tmp
.../lib/lib/ (looks ugly)
.../lib/cmds/
.../lib/servers/
ca/
cmds/ (only the links)
sheets/
messages/
ra/
pub/
ca and ext are not necessary for var/ and etc/.
crypto is dynamic (read and write operations) so perhaps it should be
placed in var/crypto.
Michael
--
-------------------------------------------------------------------
Michael Bell Email (private): [EMAIL PROTECTED]
Rechenzentrum - Datacenter Email: [EMAIL PROTECTED]
Humboldt-University of Berlin Tel.: +49 (0)30-2093 2482
Unter den Linden 6 Fax: +49 (0)30-2093 2959
10099 Berlin
Germany [OpenCA Core Developer]
http://www.openca.org
_______________________________________________
OpenCA-Devel mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-devel
