[SAC] SSL Certificate Followup

Alex M tech_dev at wildintellect.com
Mon May 2 06:33:34 PDT 2016


Yes, the dirs are non-standard.
Why? To avoid confusion with the old cert, and to not pile it in a
directory with a bunch of other default chain files from the OS.

I actually left the old cert in place, so it's easy to toggle between
different certs in case it didn't work right. Sure some cleanup should
happen. Probably after we settle this question about DV vs OV. I didn't
realize it was a DV cert either until after we bought it. Explains the
price difference. Though it's not clear that anyone actually cares since
you can't tell without inspecting the cert. Note to those suggesting
letsencrypt, that too would only be a DV cert.

Thanks,
Alex

On 05/01/2016 06:43 PM, Martin Spott wrote:
> On Fri, Apr 29, 2016 at 08:37:37PM -0700, Alex Mandel wrote:
> 
>> This needs to happen on:
> 
> LDAP - done
> 
> 
> To me it looks like different and inconsistent variations from the
> standard directory naming schema for SSL keys and certs are being used
> on OSGeo infrastructure.  I've found certificates in at least:
> 
>   /etc/ssl/certs/  # the default
>   /etc/ssl/crt/
>   /etc/ssl/osgeo/
>   /etc/ssl/certs/osgeo/
> 
> ....  while the private keys are in:
> 
>   /etc/ssl/private/  # default
> 
> 
> I think we should either stick to the default or create a consistent
> derivative like:
> 
>   /etc/ssl/osgeo/certs/
>   /etc/ssl/osgeo/private/
>   ....
> 
> We might even consider negotiating on fixed filenames so we don't need
> to change every config file every time  ;-)
> 
> Cheers,
> 
> 	Martin.
> 


