Re: Using the SSL snakeoil certificate
On Mon, 24 Jul 2006, Milan P. Stanic wrote:
> On Sun, Jul 23, 2006 at 08:37:50PM +0200, Martin Schulze wrote:
> > Milan P. Stanic wrote:
> > > Sorry if I misunderstand something, but is it okay to call it snakeoil
> > > if it is real certificate? I like to say that the symbolic links for
> > > per-service certificate shouldn't point to something called snake-oil.
> >
> > Nah, if you replace the snakeoil certificate by a real one, it's not
> > snake-oil anymore, of course.
>
> But then you must change all symlinks to that new real certificate.
That's why on my systems all the service names symlink to
thishost.{pem,key} and that is itself a symlink to the current
certificate. Only one symlink to update when you rotate certs.
Peter
--
| .''`. ** Debian GNU/Linux **
Peter Palfrader | : :' : The universal
http://www.palfrader.org/ | `. `' Operating System
| `- http://www.debian.org/
Reply to: