[Fedora-directory-users] comment about setupssl.sh
Susan
logastellus at yahoo.com
Wed Mar 29 20:48:56 UTC 2006
--- Richard Megginson <rmeggins at redhat.com> wrote:
> One solution would be to change setupssl.sh to accept a list of FQDNs
> for which to create DS and AS certs. Then you could just create all of
> the key/cert databases at once, and just copy them to the
> /opt/fedora-ds/alias directory on each machine.
yeah, this is a good idea. Because I don't know about other users but for me, creating certs is
just 1 of the steps towards SSL encrypted client<->FDS comms & MMR.
Another thing is this. If you create your certs with FQDNs, doesn't that mean that all clients
must refer to ldap server by FQDN? Because that's how it works in the web world. If I
create/sign a cert for webserver and somebody goes to https://webserver.company.com it'll prompt
the user, asking about this "new" cert, even though you're already trusting the CA that signed it.
If that's the case, that would be pretty annoying because within a company, everybody always
refers to hostnames, not fqdns (provided DNS works properly, obv.)
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around
http://mail.yahoo.com
More information about the Fedora-directory-users
mailing list