Re: Managing SSL certificates

On Sat, 15 Oct 2005, Steve Langasek wrote:

> On Sat, Oct 15, 2005 at 03:35:40PM +0200, Peter Palfrader wrote:
> > There aren't that many good reasons for having one cert per service
> > anyway,
> Preserving isolated security contexts for each service without having to
> make the private key readable to all local users?

/etc/ssl/private is 700, and I keep my keys there on most computers.  I
can't remember having seen any problem with this with the services I've
run so far.  This suggests that they all read the stuff while they are
still able to do that (and only setuid() later, if at all).
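The permission argument in this message, as an added example that is not part of the original thread: a mode-bit check of whether a key file can be read by users in the "other" class, showing that a 0700 directory blocks them even when the key file itself is 0644. The function name `world_readable`, its `root` parameter and the temporary paths are assumptions; ACLs, group membership and already-open file descriptors are ignored.

```python
import os
import stat
import tempfile


def world_readable(key_path, root="/"):
    """True if a user in the 'other' class on every path component can read
    key_path: needs o+r on the file and o+x on each directory up to root."""
    key_path = os.path.realpath(key_path)
    root = os.path.realpath(root)
    if not os.stat(key_path).st_mode & stat.S_IROTH:
        return False
    d = os.path.dirname(key_path)
    while True:
        if not os.stat(d).st_mode & stat.S_IXOTH:
            return False  # no search permission: nothing below is reachable
        if d == root or d == os.path.dirname(d):
            return True
        d = os.path.dirname(d)


def demo():
    """Constructed layout mimicking /etc/ssl/private under a temp directory."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        os.chmod(base, 0o755)
        private = os.path.join(base, "private")
        os.mkdir(private)
        key = os.path.join(private, "service.key")
        with open(key, "w") as f:
            f.write("constructed placeholder, not a real key\n")
        os.chmod(key, 0o644)

        os.chmod(private, 0o700)  # the layout described in the message
        results["dir 0700, key 0644"] = world_readable(key, base)
        os.chmod(private, 0o755)  # directory opened up, lax key mode now matters
        results["dir 0755, key 0644"] = world_readable(key, base)
        os.chmod(key, 0o600)      # key mode alone protects it
        results["dir 0755, key 0600"] = world_readable(key, base)
    return results


if __name__ == "__main__":
    for layout, exposed in demo().items():
        print(f"{layout}: readable by other users = {exposed}")
```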

