[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Managing SSL certificates

On Sat, 15 Oct 2005, Steve Langasek wrote:

> On Sat, Oct 15, 2005 at 03:35:40PM +0200, Peter Palfrader wrote:
> > There aren't that many good reasons for having one cert per service
> > anyway,
> Preserving isolated security contexts for each service without having to
> make the private key readable to all local users?

/etc/ssl/private is 700, and I keep my keys there on most computers.  I
can't remember having seen any problem with this with the services I've
run so far.  This suggests that they all read the stuff while they are
still being able to do that (and only setuid() later, if at all).

 PGP signed and encrypted  |  .''`.  ** Debian GNU/Linux **
    messages preferred.    | : :' :      The  universal
                           | `. `'      Operating System
 http://www.palfrader.org/ |   `-    http://www.debian.org/

Reply to: