Re: Managing SSL certificates

[Peter Palfrader <weasel@debian.org>]

On Sat, 15 Oct 2005, Steinar H. Gunderson wrote:

> On Sat, Oct 15, 2005 at 03:35:40PM +0200, Peter Palfrader wrote:
> > There aren't that many good reasons for having one cert per service
> > anyway
> 
> ...except that if you have a certificate for hostname.domain.com and your
> users connect to (say) imap.domain.com, they would get a warning dialog box?

We can't know all the names that people will use to refer to your
server, so this is one of the cases where you have to do stuff manually
anyway.

This doesn't mean that we can't have a sane default configuration to
start with.

Cheers,
Peter

[ Maybe, services should use etc/ssl/certs/service.pem which by default
  just symlinks to thishost.pem?  Upon purge we remove it if it still is
  that symlink. ]
-- 
 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/