Synopsis:    man starttls linking new certificate to cert.pem problem
Category:    documentation
Environment:
    System      : OpenBSD 6.5
    Details     : OpenBSD 6.5-current (GENERIC.MP) #184: Wed Aug  7 21:37:16 MDT 2019
                  dera...@amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP

    Architecture: OpenBSD.amd64
    Machine     : amd64
Description:
    man starttls says one can link a new certificate to cert.pem with
        ln -s /etc/ssl/mail.example.com.crt /etc/ssl/cert.pem
    if one does not intend
    but the link will fail since /etc/ssl/cert.pem already exists
How-To-Repeat:
man starttls

    I apologize, maybe it's not an error at all, so I'm writing to misc
instead of bugs.
I don't understand why one would create this link, and I haven't been able
to find an explanation on the lists or elsewhere. Any explanation would be
greatly appreciated.

The reason I am asking about it is that I am forwarding all mail from
one server to another using starttls and opensmtpd, and it works fine with
tls no-verify without creating the link to cert.pem. Also, if one does
create the link (perhaps backing up cert.pem first) then sysupgrade will
fail since it expects the original cert.pem. Also if running unbound, one
would need to use the original cert.pem (or whatever it was renamed to)
if using tls-bundle and DNS-over-TLS, I think.


