where 'o where to store certificates and keys
David Woodhouse
dwmw2 at infradead.org
Tue Apr 19 22:50:39 UTC 2005
On Tue, 2005-04-19 at 16:07 -0400, John Dennis wrote:
> I know this has been debated before, be we've got to make a decision and
> move forward (in part because this is now gating some work on my
> plate :-). I've had a hallway conversation with Nalin and Dan Walsh and
> it was agreed this was the most palatable option at the moment (not
> ideal, but a workable solution).
ACK. While we're at it -- is there any way we could get the keys
generated _after_ the install? We could have something in firstboot
which collects all the information required for SSL certs, rather than
just using 'SomeState' etc. Even if we don't take it that far, if we
just generate the certs _without_ user input during the first boot
sequence then we're at least likely to get a decent hostname instead of
'localhost.localdomain'.
It's also been suggested that we should also assign random sequence
numbers to generated certs, because people are seeing errors reported
due to 'duplicate' autogenerated certs.
--
dwmw2
More information about the Fedora-maintainers
mailing list