Hello!
After those unfortunate events with openssl and heartbleed, renewal of certificates brought to surface not so much a problem but a dilemma. Since there are many certificates for many services and, almost, each and every one has it's own place to store certs, it is a bit impractical to work with them. Now, looking in CentOS, RHEL and Fedora, I see there is a point in putting certs in /etc/pki but on others like Ubuntu and Debian, there is /usr/share/ssl. I must admit I don't find /etc/pki a right place for it. At least not because of FHS.
So, my question would be, what do u think about those two locations and centralizing cert storage?
[link][7 comments]