also sprach Rhonda D'Vine <rho...@deb.at> [2015-11-07 01:03 +1300]: > Hmm, the PEM format isn't that uncommon, shouldn't that (also) be > turned into a feature request to Let's Encrypt? There for sure is more > than just ejabberd using PEM format, I've seen and touched a fair amount > of services over time that use that, so I rather see that as a > limitation in Let's Encrypt.
The issue of splitting certificates is independent of the PEM format. Having both the key and cert in one file could be considered a feature. But since the two data have different security models, and we do not have in-file differentiation (e.g. protect the key while let people read the cert), using two files is the only sensible way. -- .''`. martin f. krafft <madduck@d.o> @martinkrafft : :' : proud Debian developer `. `'` http://people.debian.org/~madduck `- Debian - when you have better things to do than fixing systems
digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)