Re: Using the SSL snakeoil certificate
Milan P. Stanic wrote:
> > For example:
> > Dovecot uses </etc/ssl/certs/dovecot.pem>.
> > This is a symbolic link to </etc/ssl/certs/ssl-cert-snakeoil.pem> if
> > the above file or link does not exist during configuration of
> > dovecot.
> > That way, the admin can easily replace the symlink with a real
> > certificate if they want per-service certificates.
> > If, however, they want to have one real certificate for everything,
> > they can replace the snakeoil certificate like Martin Pitt proposed.
> Sorry if I misunderstand something, but is it okay to call it snakeoil
> if it is real certificate? I like to say that the symbolic links for
> per-service certificate shouldn't point to something called snake-oil.
Nah, if you replace the snakeoil certificate by a real one, it's not
snake-oil anymore, of course.
If you don't want to use a snakeoil certificate, you'll have to provide
a real one anyway, best would be if it was certified by a commonly
Long noun chains don't automatically imply security. -- Bruce Schneier
Please always Cc to me when replying to me on the lists.