Re: Managing SSL certificates
On Sat, 15 Oct 2005, Lars Wirzenius wrote:
> My suggestion would be to create a tool to manage installation and
> removal of certificates. Something like this:
>
> update-ssl-certificate --create package servicename
> update-ssl-certificate --remove package servicename

I think better than yet another complex system to handle reference
counts and stuff, all packages should by default just be configured to
use /the/ host certificate.

That is, have all packages that need ssl certs depend on something that
creates /etc/ssl/certs/thishost.pem and /etc/ssl/private/thishost.key
unless they already exist.

Then services should ship with configuration that uses those files
rather than /etc/<randompath><randomfile>.

There aren't that many good reasons for having one cert per service
anyway, and this scheme would make things easier for both packages and
the system administrator.
--
PGP signed and encrypted | .''`. ** Debian GNU/Linux **
messages preferred. | : :' : The universal
| `. `' Operating System
http://www.palfrader.org/ | `- http://www.debian.org/
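
The create-unless-present step proposed in the message above, sketched as a shell function. This is an added example, not code from the thread or from any Debian package; the function name, the CERT_DIR/KEY_DIR/HOST_CN overrides and the choice of a self-signed RSA certificate are assumptions.

```shell
#!/bin/sh
# Added example: create the shared host certificate and key only if absent.
# Paths default to the ones named in the message; CERT_DIR, KEY_DIR and
# HOST_CN are hypothetical overrides so the function can run in a scratch dir.

ensure_host_cert() {
    cert="${CERT_DIR:-/etc/ssl/certs}/thishost.pem"
    key="${KEY_DIR:-/etc/ssl/private}/thishost.key"
    cn="${HOST_CN:-$(hostname -f 2>/dev/null || hostname)}"

    # Both present: leave the administrator's files alone.
    if [ -e "$cert" ] && [ -e "$key" ]; then
        return 0
    fi
    # Only one present: refuse rather than overwrite half of a pair.
    if [ -e "$cert" ] || [ -e "$key" ]; then
        echo "ensure_host_cert: only one of $cert / $key exists" >&2
        return 1
    fi

    mkdir -p "$(dirname "$cert")" "$(dirname "$key")" || return 1

    # Generate into temporary names under a restrictive umask, then rename,
    # so the key is never world-readable and a failed run leaves no partial pair.
    (
        umask 077
        tmpkey="$key.new.$$"
        tmpcert="$cert.new.$$"
        if openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
                -subj "/CN=$cn" -keyout "$tmpkey" -out "$tmpcert" 2>/dev/null
        then
            chmod 0600 "$tmpkey" && chmod 0644 "$tmpcert" &&
                mv "$tmpkey" "$key" && mv "$tmpcert" "$cert"
        else
            rm -f "$tmpkey" "$tmpcert"
            exit 1
        fi
    )
}
```

A package maintainer script would call `ensure_host_cert` once at install time; services then point their configuration at the two fixed paths.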