Re: Using the SSL snakeoil certificate
>>>>> "Jaldhar" == Jaldhar H Vyas <jaldhar@debian.org> writes:
>> In an effort to clean up the SSL certificate mess on Ubuntu
>> servers, we recently converted all our supported Server
>> packages to make use of the ssl-cert package instead of
>> creating a package-specific self-signed SSL certificate. This
>> allows admins to easily replace the certificate with a 'real'
>> one without touching dozens of configuration files, and also
>> provides a consistent setup out of the box.
Jaldhar> Is this a good idea for Debian? I think it is but it
Jaldhar> doesn't make sense to switch dovecot over unless all the
Jaldhar> other ssl-cert using packages also do it. Is this
Jaldhar> possible in the etch timeframe?
I would really like it - I find it tedious configuring SSL
certificates for each and every package, when they usually are the
same...
Having one copy reduces the chances of accidentally storing a private
key somewhere with inappropriate permissions.
I don't expect such a system to implement virtual hosting without
system administrator intervention, but a naming convention for the files
that supports virtual hosts would be even better IMHO, e.g.:
/etc/.../$hostname/...
Where hostname is the name of the host identified by the
certificate. That way adding/removing other certificates is easy.
--
Brian May <bam@debian.org>