We are planning to proxy EZD (Elektron Zero Daemon) through an F5, and I need to install a specific trust chain onto the server where EZD is running. I am trying to understand how EZD knows where to find the CA trust chain. I cannot find anything in the documentation I have.
Please find the response from EZD product development:
"The certificates are installed in the default directory such as /etc/ssl/certs. I believe EZD is using OpenSSL to access this file.
[root@ob1d-ddndrp225a certs]# ls -ltr
-rw-r--r--. 1 root root 978662 Dec 20 2013 ca-bundle.trust.crt
-rw-r--r--. 1 root root 757191 Dec 20 2013 ca-bundle.crt
-rwxr-xr-x. 1 root root 829 Jan 8 2014 renew-dummy-cert
-rwxr-xr-x. 1 root root 610 Jan 8 2014 make-dummy-cert
-rw-r--r--. 1 root root 2242 Jan 8 2014 Makefile
[root@ob1d-ddndrp225a certs]# pwd
Please see additional info from development team:
The current EZD release is doing some basic certificate authentication against the default system CA store. Unfortunately, there is essentially 0 consistency or standards for where the default system CA store is installed for Linux. So unfortunately, this is a per-distribution (and probably per-distro-version) operation.
Some info here:
and here (this covers Red Hat 6 and 7, at least):
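
Added example, not part of the original answer and not EZD code: a Python sketch that reports where the OpenSSL build linked into Python looks for its default CA store, lists which common per-distribution bundle files exist, and checks whether every certificate in a proxy's trust chain is already present in a bundle. The candidate path list and all function names are assumptions made for illustration, and the OpenSSL that EZD links against may be a different build than the one Python uses.

```python
import base64, hashlib, os, re, ssl

# Bundle paths commonly used by Linux distributions (assumed list, not from EZD docs).
CANDIDATE_BUNDLES = [
    "/etc/pki/tls/certs/ca-bundle.crt",                   # RHEL/CentOS/Fedora
    "/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem",  # RHEL/CentOS 7+
    "/etc/ssl/certs/ca-certificates.crt",                 # Debian/Ubuntu
    "/etc/ssl/ca-bundle.pem",                             # openSUSE
    "/etc/ssl/cert.pem",                                  # Alpine
]
PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)


def fingerprints(pem_text):
    """SHA-256 fingerprint of every certificate in a PEM string, in order."""
    return [hashlib.sha256(base64.b64decode("".join(body.split()))).hexdigest()
            for body in PEM_RE.findall(pem_text)]


def missing_from_bundle(chain_pem, bundle_pem):
    """Fingerprints of chain certificates that the bundle does not contain."""
    trusted = set(fingerprints(bundle_pem))
    return [fp for fp in fingerprints(chain_pem) if fp not in trusted]


def openssl_default_store():
    """Default CA locations of Python's OpenSSL (cafile/capath honour env overrides)."""
    p = ssl.get_default_verify_paths()
    return {"cafile": p.cafile, "capath": p.capath,
            "compiled_cafile": p.openssl_cafile, "compiled_capath": p.openssl_capath}


def existing_bundles(root="/"):
    """Candidate bundles present under root, mapped to their certificate counts."""
    found = {}
    for path in CANDIDATE_BUNDLES:
        full = os.path.join(root, path.lstrip("/"))
        if os.path.isfile(full):
            with open(full, encoding="utf-8", errors="replace") as fh:
                found[path] = len(fingerprints(fh.read()))
    return found


if __name__ == "__main__":
    print(openssl_default_store())
    print(existing_bundles())
```

An empty list from `missing_from_bundle` means every certificate in the chain file is already in that bundle; whether EZD reads that particular bundle still has to be confirmed per distribution, as the development team notes.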