[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Managing SSL certificates

On Sat, 15 Oct 2005 15:35:40 +0200, Peter Palfrader
<weasel@debian.org> wrote:
>I think better than yet another complex system to handle reference
>counts and stuff all packages should by default just be configured to
>use /the/ host certificate.
>That is, have all packages that need ssl certs depend on something that
>creates /etc/ssl/certs/thishost.pem and /etc/ssl/private/thishost.key
>unless they already exist.
>Then services should ship with configuration that uses those files
>rather than /etc/<randompath><randomfile>
>There aren't that many good reasons for having one cert per service
>anyway, and this scheme would make things easier for both, packages and
>the system administrator.

As long as this scheme is provided by a package with a cleanly defined
"API", and that "API" is crafted in a way that this package can be
seamly replaced by one that allows service-based certificates,
including an easy way to create and manage such certificates, this is

But please don't close any doors by implementing a restricted


-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber         |   " Questions are the         | Mailadresse im Header
Mannheim, Germany  |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834

Reply to: