Bug#656827: ejabberd: don't generate a self-signed certificate

Christoph Anton Mitterer Sat, 21 Jan 2012 17:03:16 -0800

Package: ejabberd
Version: 2.1.9-1
Severity: whislist


Hi.

Currently ejabberd generates a self-signed certificate.
IMHO this doesn't make much sense, no one will recognise this certificate.
As it's just another self-signed host cert, wouldn't it be better to use
/etc/ssl/certs/ssl-cert-snakeoil.pem
/etc/ssl/private/ssl-cert-snakeoil.key
?

Moreover, many people won't just use /etc/ejabberd/ejabberd.pem but have
something like /etc/ejabberd/certificates or so.
Wouldn't it make sense to _only_ generate the certificate (again) when a
check like
grep /etc/ejabberd/ejabberd.pem /etc/ejabberd/ejabberd.cfg
matches.

Cheers,
Chris.



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Bug#656827: ejabberd: don't generate a self-signed certificate

Reply via email to