On Sat, 15 Oct 2005 15:35:40 +0200, Peter Palfrader <[EMAIL PROTECTED]> wrote:
>I think better than yet another complex system to handle reference
>counts and stuff all packages should by default just be configured to
>use /the/ host certificate.
>
>That is, have all packages that need ssl certs depend on something that
>creates /etc/ssl/certs/thishost.pem and /etc/ssl/private/thishost.key
>unless they already exist.
>
>Then services should ship with configuration that uses those files
>rather than /etc/<randompath><randomfile>
>
>There aren't that many good reasons for having one cert per service
>anyway, and this scheme would make things easier for both, packages and
>the system administrator.

As long as this scheme is provided by a package with a cleanly defined
"API", and that "API" is crafted in a way that this package can be
seamlessly replaced by one that allows service-based certificates,
including an easy way to create and manage such certificates, this is
fine. But please don't close any doors by implementing a restricted
interface.

Greetings
Marc

-- 
-------------------------------------- !! No courtesy copies, please !! -----
Marc Haber          |   " Questions are the         | Mail address in header
Mannheim, Germany   |     Beginning of Wisdom "     | http://www.zugschlus.de/
Nordisch by Nature  | Lt. Worf, TNG "Rightful Heir" | Fon: *49 621 72739834
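
A sketch of the "create unless they already exist" step from the quoted proposal, as an added example that is not part of either message or of any Debian package. Only the two file paths come from the thread; the function name `ensure_host_cert`, its optional root-directory and CN arguments, the self-signed RSA certificate and the file modes are assumptions.

```shell
#!/bin/sh
# Added example (hypothetical helper, not an existing Debian interface).
# Usage: ensure_host_cert [ssl-root] [common-name]
ensure_host_cert() {
    root="${1:-/etc/ssl}"
    cn="${2:-$(hostname -f 2>/dev/null || echo localhost)}"
    cert="$root/certs/thishost.pem"
    key="$root/private/thishost.key"

    # Both present: the administrator or an earlier install owns them.
    if [ -e "$cert" ] && [ -e "$key" ]; then
        return 0
    fi
    # Only one present: generating the other half would give a mismatched
    # pair, and replacing the existing half would destroy local data.
    if [ -e "$cert" ] || [ -e "$key" ]; then
        echo "ensure_host_cert: incomplete pair under $root, not touching it" >&2
        return 1
    fi

    mkdir -p "$root/certs" || return 1
    # Set a mode only when creating the directory; an existing one keeps
    # whatever the administrator chose.
    [ -d "$root/private" ] || mkdir -m 700 -p "$root/private" || return 1
    (
        umask 077   # the key must never be group/world readable, even briefly
        openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
            -subj "/CN=$cn" \
            -keyout "$key.new" -out "$cert.new" 2>/dev/null || exit 1
        chmod 600 "$key.new" && chmod 644 "$cert.new" || exit 1
        # Rename into place only after both files are complete.
        mv "$key.new" "$key" && mv "$cert.new" "$cert"
    )
}
```

Because the function returns without writing anything when the pair already exists, a replacement package that manages per-service certificates can pre-populate or take over the same paths.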