[Mono-dev] Sync of mono Cert Store
Rick Tillery
rtillerywork at gmail.com
Thu Jul 13 22:13:21 UTC 2017
Thanks, Dave. Yes, that's how our install syncs in the first place.
The thing is that customers would need to know to run this on their
machines in addition to modifying the system cert store. (Plus, it's a bit
more complicated & nonstandard because we have a bundled mono, while
they're may not even be any system mono installed.)
I'm willing to create a method to automatically update the mono cert store
when the system cert store changes, but I want to understand whether there
is a different expectation about how cert updates are done & if there are
issues to consider with such a tool.
Rick
On Jul 13, 2017 5:04 PM, "David Curylo" <curylod at asme.org> wrote:
Rick,
You can run `cert-sync` at any time to synchronize new certs with your mono
cert store.
-Dave
> On Jul 13, 2017, at 6:01 PM, Rick Tillery <rtillerywork at gmail.com> wrote:
>
> As a follow-up my previous question (thanks Alex), we have a concern
about changes to the system certificate store & synchronization with the
mono cert store.
>
> I see that the system cert store is imported to mono on install (& we now
do this as well in our install), but what is the expected approach to
keeping the mono cert store updated? For example, if a certificate needs to
be added or revoked, is it expected that the admin knows that the mono cert
store needs to be manually updated too (and doesn't Java have a separate
cert store too, meaning that must be manually dealt with as well?)?
>
> (I didn't find there proper search terms with Google to show me much
about this.)
>
> Is there a reason not to create a method of syncing these, so changes to
the system cert store automatically get copied into the mono cert store? Is
there an accepted (safe) method of doing this?
>
> Rick
> _______________________________________________
> Mono-devel-list mailing list
> Mono-devel-list at lists.dot.net
> http://lists.dot.net/mailman/listinfo/mono-devel-list
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dot.net/pipermail/mono-devel-list/attachments/20170713/df4dcbcf/attachment-0001.html>
More information about the Mono-devel-list
mailing list