RE: CA and Intermediate Certificates
It's a matter of preference.
Those 'huge clunky files' are easy to parse from the command line. When it's time to renew the cert, I can simply update the parts that were updated (usually just the host cert) rather than having to generate a new hash.
I understand where you're coming from, but I prefer this way. It really is easier to trace/fix/replace.
Or perhaps I'm misunderstanding you.
From: Quanah Gibson-Mount [mailto:firstname.lastname@example.org]
Sent: Thursday, August 14, 2014 11:17 AM
To: Chris Jacobs; Andrew Devenish-Meares; email@example.com
Subject: RE: CA and Intermediate Certificates
--On Thursday, August 14, 2014 10:22 AM -0700 Chris Jacobs <Chris.Jacobs@apollo.edu> wrote:
> # grep TLS.*File slapd.conf
> TLSCACertificateFile /etc/openldap/cacerts/cacert.pem
> TLSCertificateFile /etc/openldap/cacerts/servercrt.pem
> TLSCertificateKeyFile /etc/openldap/cacerts/serverkey.pem
Or just use TLSCACertificatePath and hash the CA certs, rather than using huge clunky files...
Zimbra :: the leader in open source messaging and collaboration
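The two layouts discussed in this thread side by side, as an added example that is not part of the original messages: it splits a CA bundle of the kind `TLSCACertificateFile` points at into one file per certificate, then creates the subject-hash symlinks that a `TLSCACertificatePath` directory needs. It assumes the `openssl` command-line tool is installed; the function names and the `ca-N.pem` naming are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread): convert a CA bundle into a hashed
# directory. Function names and the ca-N.pem naming are hypothetical.

# split_bundle BUNDLE DIR: write each certificate block in BUNDLE to
# DIR/ca-N.pem, skipping any text between blocks; prints the count.
split_bundle() {
    mkdir -p "$2" || return 1
    awk -v dir="$2" '
        /^-----BEGIN CERTIFICATE-----/ { n++; out = dir "/ca-" n ".pem"; inside = 1 }
        inside { print > out }
        /^-----END CERTIFICATE-----/ { inside = 0; close(out) }
        END { print n + 0 }
    ' "$1"
}

# hash_dir DIR: create the <subject-hash>.<n> symlinks that OpenSSL looks up
# in a CA directory. Prints the number of links created.
hash_dir() {
    # Drop links from an earlier run so renewed certificates do not pile up.
    for old in "$1"/*.[0-9]*; do
        if [ -L "$old" ]; then rm -f "$old"; fi
    done
    count=0
    for cert in "$1"/ca-*.pem; do
        [ -f "$cert" ] || continue
        h=$(openssl x509 -noout -hash -in "$cert") || return 1
        # Certificates sharing a subject hash get suffixes .0, .1, ...
        i=0
        while [ -e "$1/$h.$i" ] || [ -L "$1/$h.$i" ]; do i=$((i + 1)); done
        ln -s "$(basename "$cert")" "$1/$h.$i"
        count=$((count + 1))
    done
    echo "$count"
}

# Usage: sh bundle2dir.sh /path/to/bundle.pem /path/to/hashed-dir
if [ "$#" -eq 2 ]; then
    split_bundle "$1" "$2" >/dev/null && hash_dir "$2"
fi
```

After replacing or adding a CA file in the directory, rerun `hash_dir` so the links match the current certificates.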