
Re: Using the SSL snakeoil certificate



>>>>> "Jaldhar" == Jaldhar H Vyas <jaldhar@debian.org> writes:

    >> In an effort to clean up the SSL certificate mess on Ubuntu
    >> servers, we recently converted all our supported Server
    >> packages to make use of the ssl-cert package instead of
    >> creating a package-specific self-signed SSL certificate. This
    >> allows admins to easily replace the certificate with a 'real'
    >> one without touching dozens of configuration files, and also
    >> provides a consistent setup out of the box.

    Jaldhar> Is this a good idea for Debian?  I think it is but it
    Jaldhar> doesn't make sense to switch dovecot over unless all the
    Jaldhar> other ssl-cert using packages also do it. Is this
    Jaldhar> possible in the etch timeframe?

I would really like it - I find it tedious configuring SSL
certificates for each and every package, when they usually are the
same...

Having one copy reduces the chances of accidentally storing a private
key somewhere with inappropriate permissions.

I don't expect such a system to implement virtual hosting without
system administrator intervention, but a naming convention for the files
that supports virtual hosts would be even better IMHO, e.g.:

/etc/.../$hostname/...

Where hostname is the name of the host identified by the
certificate. That way adding/removing other certificates is easy.
-- 
Brian May <bam@debian.org>


