On Mon, 24 Jul 2006, Milan P. Stanic wrote: > On Sun, Jul 23, 2006 at 08:37:50PM +0200, Martin Schulze wrote: > > Milan P. Stanic wrote: > > > Sorry if I misunderstand something, but is it okay to call it snakeoil > > > if it is real certificate? I like to say that the symbolic links for > > > per-service certificate shouldn't point to something called snake-oil. > > > > Nah, if you replace the snakeoil certificate by a real one, it's not > > snake-oil anymore, of course. > > But then you must change all symlinks to that new real certificate.
That's why on my systems all the service names symlink to thishost.{pem,key} and that is itself a symlink to the current certificate. Only one symlink to update when you rotate certs. Peter -- | .''`. ** Debian GNU/Linux ** Peter Palfrader | : :' : The universal http://www.palfrader.org/ | `. `' Operating System | `- http://www.debian.org/ -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]