Managing SSL certificates

2005-10-15 Thread Lars Wirzenius
With my testing of packages in etch with piuparts[1], I occasionally run into a problem that occurs in many packages in the same way. One such problem is the creation and deletion of SSL certificates for various services (imaps, https, etc). At the moment, the packages tend to create the certificat

Re: Managing SSL certificates

2005-10-15 Thread Peter Palfrader
On Sat, 15 Oct 2005, Lars Wirzenius wrote: > My suggestion would be to create a tool to manage installation and > removal of certificates. Something like this: > > update-ssl-certificate --create package servicename > update-ssl-certificate --remove package servicename I think be

Re: Managing SSL certificates

2005-10-15 Thread Steinar H. Gunderson
On Sat, Oct 15, 2005 at 03:35:40PM +0200, Peter Palfrader wrote: > There aren't that many good reasons for having one cert per service > anyway ...except that if you have a certificate for hostname.domain.com and your users connect to (say) imap.domain.com, they would get a warning dialog box? /*

Re: Managing SSL certificates

2005-10-15 Thread Peter Palfrader
On Sat, 15 Oct 2005, Steinar H. Gunderson wrote: > On Sat, Oct 15, 2005 at 03:35:40PM +0200, Peter Palfrader wrote: > > There aren't that many good reasons for having one cert per service > > anyway > > ...except that if you have a certificate for hostname.domain.com and your > users connect to (

Re: Managing SSL certificates

2005-10-15 Thread Olaf van der Spek
On 10/15/05, Peter Palfrader <[EMAIL PROTECTED]> wrote: > On Sat, 15 Oct 2005, Steinar H. Gunderson wrote: > > > On Sat, Oct 15, 2005 at 03:35:40PM +0200, Peter Palfrader wrote: > > > There aren't that many good reasons for having one cert per service > > > anyway > > > > ...except that if you have

Re: Managing SSL certificates

2005-10-15 Thread Thomas Viehmann
Olaf van der Spek wrote: > On 10/15/05, Peter Palfrader <[EMAIL PROTECTED]> wrote: >>We can't know all the names that people will use to refer to your >>server, so this is one of the cases where you have to do stuff manually >>anyway. > AFAIK there's an extension to HTTP to allow multiple TLS vhos

Re: Managing SSL certificates

2005-10-15 Thread Olaf van der Spek
On 10/15/05, Thomas Viehmann <[EMAIL PROTECTED]> wrote: > Olaf van der Spek wrote: > > On 10/15/05, Peter Palfrader <[EMAIL PROTECTED]> wrote: > >>We can't know all the names that people will use to refer to your > >>server, so this is one of the cases where you have to do stuff manually > >>anyway

Re: Managing SSL certificates

2005-10-15 Thread Steve Langasek
On Sat, Oct 15, 2005 at 03:35:40PM +0200, Peter Palfrader wrote: > There aren't that many good reasons for having one cert per service > anyway, Preserving isolated security contexts for each service without having to make the private key readable to all local users? -- Steve Langasek

Re: Managing SSL certificates

2005-10-15 Thread Peter Palfrader
On Sat, 15 Oct 2005, Steve Langasek wrote: > On Sat, Oct 15, 2005 at 03:35:40PM +0200, Peter Palfrader wrote: > > > There aren't that many good reasons for having one cert per service > > anyway, > > Preserving isolated security contexts for each service without having to > make the private key

Re: Managing SSL certificates

2005-10-16 Thread Wouter Verhelst
On Sat, Oct 15, 2005 at 03:10:50PM +0300, Lars Wirzenius wrote: > With my testing of packages in etch with piuparts[1], I occasionally run > into a problem that occurs in many packages in the same way. One such > problem is the creation and deletion of SSL certificates for various > services (imaps

Re: Managing SSL certificates

2005-10-16 Thread sean finney
On Sun, Oct 16, 2005 at 03:59:17PM +0200, Wouter Verhelst wrote: > Such a tool would be very nice, and not just because of the cruft they > leave behind -- many packages currently support SSL connections; some > automatically generate a self-signed certificate upon installation, > others leave that

Re: Managing SSL certificates

2005-10-16 Thread Wouter Verhelst
On Sun, Oct 16, 2005 at 11:00:53AM -0400, sean finney wrote: > On Sun, Oct 16, 2005 at 03:59:17PM +0200, Wouter Verhelst wrote: > > Such a tool would be very nice, and not just because of the cruft they > > leave behind -- many packages currently support SSL connections; some > > automatically gene

Re: Managing SSL certificates

2005-10-17 Thread Olaf van der Spek
On 10/16/05, sean finney <[EMAIL PROTECTED]> wrote: > On Sun, Oct 16, 2005 at 03:59:17PM +0200, Wouter Verhelst wrote: > > Such a tool would be very nice, and not just because of the cruft they > > leave behind -- many packages currently support SSL connections; some > > automatically generate a se

Re: Managing SSL certificates

2005-10-17 Thread Marc Haber
On Sat, 15 Oct 2005 15:35:40 +0200, Peter Palfrader <[EMAIL PROTECTED]> wrote: >I think better than yet another complex system to handle reference >counts and stuff all packages should by default just be configured to >use /the/ host certificate. > >That is, have all packages that need ssl certs de

Re: Managing SSL certificates

2005-10-17 Thread Pierre THIERRY
sean finney wrote on 16/10/2005 at 11:00: > also, i think extreme care should be taken wrt these ssl certificates. > i don't think they should be blindly purged at package removal (or > probably even package purge) time, without getting permission from the > local admin. I think that this SSL