http://bugzilla.suse.com/show_bug.cgi?id=1023552 http://bugzilla.suse.com/show_bug.cgi?id=1023552#c3 --- Comment #3 from Jo Schulze <jo@feuersee.de> --- I accept this WONTFIX as I always do, but here are my thoughts about how to improve the situation. Well, we're no longer in the 90s where hardly anything than https required certs. Nowadays hardly anything (like po3s, imaps, https, ...) is supposed to support (at least alternativly) encryption, and even if self-signed by own CA certs are used - or paid for certs - there is a need for a central, non-app based place to store these certs. As these certs usually pin down to the CN which is most likely the FQHN it is much more convenient concerning maintainance to store them in a central place than placing copys all over the FS for the appropriate services. In Debian based dists this is /etc/ssl and works pretty well. I don't see the any benefit in the openSUSE construct to symlink this dir to /var/whatever and deny any admin changes. This leaves the admin to spread the same cert all over again to the various places where the service expects it's certs to find, while most services are currently easy to accept a server-wide place to read certs from. I'd say that the service based assumption of where to place certs is outdated and won't work much longer. openSUSE should decide where system-wide used certs are to be placed, not service-wide. Just my 2¢ -- You are receiving this mail because: You are on the CC list for the bug.