[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Using the SSL snakeoil certificate

On Mon, Jul 24, 2006 at 12:43:16PM +0200, Peter Palfrader wrote:
> On Mon, 24 Jul 2006, Milan P. Stanic wrote:
> > But then you must change all symlinks to that new real certificate.
> That's why on my systems all the service names symlink to
> thishost.{pem,key} and that is itself a symlink to the current
> certificate.  Only one symlink to update when you rotate certs.

That is what I'm thinking about. All service certificates should be
symlink to one generic name (as Martin proposed) but that name
shouldn't be snake-oil because the meaning of the word "snake oil", IMO.
thishost.{pem,key,crt,p12} looks better.

Another idea is to make that decision to user/admin during installation
through debconf or something similar, but don't ask me for patch
because I don't know how to make it. :)

Reply to: