Milan P. Stanic wrote: > > For example: > > > > Dovecot uses </etc/ssl/certs/dovecot.pem>. > > > > This is a symbolic link to </etc/ssl/certs/ssl-cert-snakeoil.pem> if > > the above file or link does not exist during configuration of > > dovecot. > > > > That way, the admin can easily replace the symlink with a real > > certificate if they want per-service certificates. > > > > If, however, they want to have one real certificate for everything, > > they can replace the snakeoil certificate like Martin Pitt proposed. > > Sorry if I misunderstand something, but is it okay to call it snakeoil > if it is real certificate? I like to say that the symbolic links for > per-service certificate shouldn't point to something called snake-oil.
Nah, if you replace the snakeoil certificate by a real one, it's not snake-oil anymore, of course. If you don't want to use a snakeoil certificate, you'll have to provide a real one anyway, best would be if it was certified by a commonly accepted CA. Regards, Joey -- Long noun chains don't automatically imply security. -- Bruce Schneier Please always Cc to me when replying to me on the lists. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]