Re: Using the SSL snakeoil certificate

[Peter Palfrader <weasel@debian.org>]

On Mon, 24 Jul 2006, Milan P. Stanic wrote:

> On Sun, Jul 23, 2006 at 08:37:50PM +0200, Martin Schulze wrote:
> > Milan P. Stanic wrote:
> > > Sorry if I misunderstand something, but is it okay to call it snakeoil
> > > if it is real certificate? I like to say that the symbolic links for
> > > per-service certificate shouldn't point to something called snake-oil.
> > 
> > Nah, if you replace the snakeoil certificate by a real one, it's not
> > snake-oil anymore, of course.
> 
> But then you must change all symlinks to that new real certificate.

That's why on my systems all the service names symlink to
thishost.{pem,key} and that is itself a symlink to the current
certificate.  Only one symlink to update when you rotate certs.

Peter
-- 
                           |  .''`.  ** Debian GNU/Linux **
      Peter Palfrader      | : :' :      The  universal
 http://www.palfrader.org/ | `. `'      Operating System
                           |   `-    http://www.debian.org/