mirror of
https://pagure.io/fedora-docs/quick-docs.git
synced 2024-10-19 01:35:42 +00:00
43f7068c07
The directory has been renamed from .../blacklist to .../blocklist in all supported Fedora releases. Signed-off-by: Daiki Ueno <dueno@redhat.com>
18 lines
1.1 KiB
Text
18 lines
1.1 KiB
Text
[[using-the-system-wide-trust-store]]
|
|
= Using the System-wide Trust Store
|
|
|
|
In Fedora, the consolidated system-wide trust store is located in the `/etc/pki/ca-trust/` and `/usr/share/pki/ca-trust-source/` directories. The trust settings in `/usr/share/pki/ca-trust-source/` are processed with lower priority than settings in `/etc/pki/ca-trust/`.
|
|
|
|
Certificate files are treated depending on the subdirectory they are installed to the following directories:
|
|
|
|
* for trust anchors
|
|
** `/usr/share/pki/ca-trust-source/anchors/` or
|
|
** `/etc/pki/ca-trust/source/anchors/`
|
|
* for distrusted certificates
|
|
** `/usr/share/pki/ca-trust-source/blocklist/` or
|
|
** `/etc/pki/ca-trust/source/blocklist/`
|
|
* for certificates in the extended BEGIN TRUSTED file format
|
|
** `/usr/share/pki/ca-trust-source/` or
|
|
** `/etc/pki/ca-trust/source/`
|
|
|
|
NOTE: In a hierarchical cryptographic system, a trust anchor is an authoritative entity which is assumed to be trustworthy. For example, in X.509 architecture, a root certificate is a trust anchor from which a chain of trust is derived. The trust anchor must be put in the possession of the trusting party beforehand to make path validation possible.
|