
Re: Using the SSL snakeoil certificate

Milan P. Stanic wrote:
> > For example:
> > 
> >   Dovecot uses </etc/ssl/certs/dovecot.pem>.
> > 
> >   This is a symbolic link to </etc/ssl/certs/ssl-cert-snakeoil.pem> if
> >   the above file or link does not exist during configuration of
> >   dovecot.
> > 
> > That way, the admin can easily replace the symlink with a real
> > certificate if they want per-service certificates.
> > 
> > If, however, they want to have one real certificate for everything,
> > they can replace the snakeoil certificate like Martin Pitt proposed.
> Sorry if I misunderstand something, but is it okay to call it snakeoil
> if it is a real certificate? I'd like to say that the symbolic links for
> per-service certificates shouldn't point to something called snake-oil.

Nah, if you replace the snakeoil certificate with a real one, it's not
snake-oil anymore, of course.

If you don't want to use a snakeoil certificate, you'll have to provide
a real one anyway; best would be if it was certified by a commonly
accepted CA.



Long noun chains don't automatically imply security.  -- Bruce Schneier

Please always Cc to me when replying to me on the lists.
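
Added example (not part of the original message and not code from any Debian package): a shell function that classifies a service certificate path under the symlink scheme discussed in this thread, so an admin can see which services still depend on the shared file. The function name `cert_status` and the state labels are assumptions; the default path is the one quoted above.

```shell
#!/bin/sh
# Shared certificate path as quoted in the thread; override via environment.
SHARED_CERT="${SHARED_CERT:-/etc/ssl/certs/ssl-cert-snakeoil.pem}"

# cert_status CERT [SHARED]
# Prints one of:
#   missing      CERT does not exist (or is a dangling symlink)
#   shared-link  CERT is a symlink resolving to the shared certificate
#   shared-copy  CERT is a regular file with the same bytes as the shared one
#   own-cert     CERT is a separate, per-service certificate
# "shared" only describes the file relationship: if the shared file itself was
# replaced by a real certificate, a shared-link service serves that real one.
cert_status() {
    cert=$1
    shared=${2:-$SHARED_CERT}
    if [ ! -e "$cert" ]; then
        echo missing
        return 0
    fi
    if [ -L "$cert" ] &&
       [ "$(readlink -f "$cert")" = "$(readlink -f "$shared")" ]; then
        echo shared-link
    elif [ -e "$shared" ] && cmp -s "$cert" "$shared"; then
        echo shared-copy
    else
        echo own-cert
    fi
}

# Report every path given on the command line, e.g.
#   sh cert-status.sh /etc/ssl/certs/dovecot.pem
for c in "$@"; do
    printf '%s: %s\n' "$c" "$(cert_status "$c")"
done
```
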
