API validation

Certificate Path:

For system wide use OpenSSL should provide you /etc/ssl/certs and /etc/ssl/private. The latter of which will be restricted 700 to root:root.
If you have an application not performing an initial privsep from root then it might suit you to locate them somewhere local to the application with the relevantly restricted ownership and permissions.

[root@instance1-nilsys ssl]# cd certs
[root@instance1-nilsys certs]# ls
ca-bundle.crt  ca-bundle.trust.crt  make-dummy-cert  Makefile  renew-dummy-cert
[root@instance1-nilsys certs]# ls -ltr
total 12
-rwxr-xr-x. 1 root root  829 Jul  8 12:01 renew-dummy-cert
-rw-r--r--. 1 root root 2516 Jul  8 12:01 Makefile
-rwxr-xr-x. 1 root root  610 Jul  8 12:01 make-dummy-cert
lrwxrwxrwx. 1 root root   55 Dec  9 08:33 ca-bundle.trust.crt -> /etc/pki/ca-trust/extracted/openssl/ca-bundle.trust.crt
lrwxrwxrwx. 1 root root   49 Dec  9 08:33 ca-bundle.crt -> /etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem
[root@instance1-nilsys certs]# openssl x509 -noout -fingerprint -sha1 -inform pem -in ca-bundle.crt
SHA1 Fingerprint=93:05:7A:88:15:C6:4F:CE:88:2F:FA:91:16:52:28:78:BC:53:64:17
[root@instance1-nilsys certs]#

Comments

Popular posts from this blog

Flutter for Single-Page Scrollable Websites with Navigator 2.0

A Data Science Portfolio is More Valuable than a Resume

Better File Storage in Oracle Cloud