Re: Managing SSL certificates
On Sat, 15 Oct 2005 15:35:40 +0200, Peter Palfrader
>I think better than yet another complex system to handle reference
>counts and stuff all packages should by default just be configured to
>use /the/ host certificate.
>That is, have all packages that need ssl certs depend on something that
>creates /etc/ssl/certs/thishost.pem and /etc/ssl/private/thishost.key
>unless they already exist.
>Then services should ship with configuration that uses those files
>rather than /etc/<randompath><randomfile>
>There aren't that many good reasons for having one cert per service
>anyway, and this scheme would make things easier for both, packages and
>the system administrator.
As long as this scheme is provided by a package with a cleanly defined
"API", and that "API" is crafted in a way that this package can be
seamly replaced by one that allows service-based certificates,
including an easy way to create and manage such certificates, this is
But please don't close any doors by implementing a restricted
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber | " Questions are the | Mailadresse im Header
Mannheim, Germany | Beginning of Wisdom " | http://www.zugschlus.de/
Nordisch by Nature | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834