We have the ssl-cert package to provide simple SSL-certificates. It also
allows you to regenerate them easily (see the man page for make-ssl-
cert). In my opinion, providing simple means for making self-signed
certificates with custom information in it will just provide a false
sense of security. If you want this, the proper way to do it is to set
up a proper CA and install the root certificate on each machine that
needs to authenticate the server.
In short: I think the lack of these scripts is in fact a good thing. If
your certificate is about to expire, make-ssl-cert is the solution. If
you want your own info in the certificate, you should set up a CA (which
is really not very difficult. There are plenty of howtos on that subject
floating around). If you insist on doing this the wrong way, you can
edit /usr/share/ssl-cert/ssleay.cnf. Be aware, though, that it's not a
config file in the dpkg sense, so it *will* be overwritten when ssl-cert
is updated (which happens very rarely).
Unless someone has good arguments against it, I'll reject this bug in
about a week.
** Changed in: dovecot (Ubuntu)
Assignee: (unassigned) => Soren Hansen
--
mkcert.sh dovecot-openssl.cnf
https://bugs.launchpad.net/bugs/59642
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
