http://bugzilla.novell.com/show_bug.cgi?id=550395
User jdsn@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550395#c8
J. Daniel Schmidt
1. ship with https enabled but with a self-created certificate would be best option as I understand it.
Then we should not stay with the status quo.

AFAIK currently we create the certificate when building the add-on product. So every instance uses the same certificate. This serves no purpose at all - the traffic is encrypted, sure, but nobody will notice an attack as it is easily possible now, because the certificate is the same for all instances.

We need to add the creation of the CA and the server certificate to the first boot sequence of a system where WebYaST got installed. (Maybe it is a good idea to add this to the rc-scripts yastw[sc]). It must run in the real system as we need to find out the fully qualified domain name of the machine (this is a customer decision and it might change via DHCP) and create a certificate for it.

Michael, any further comments from your perspective? What do you think about the idea of adding the certificate creation (resp. the call to a check-certificate-script) to the rc-scripts?
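A sketch of the check-certificate idea discussed in the comment above, as an added example that is not part of the original bug comment or of WebYaST's code: it creates a key and certificate on the running system and regenerates them when the FQDN changes. It narrows the proposal to a self-signed server certificate without a separate CA; `CERT_DIR`, the file names and the function names are assumptions, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: per-host certificate check for a first-boot or rc-script hook.
# CERT_DIR and the file names are assumptions, not WebYaST's real paths.
CERT_DIR="${CERT_DIR:-/tmp/webyast-example-certs}"
KEY="$CERT_DIR/server.key"
CRT="$CERT_DIR/server.crt"

# Print the CN of the installed certificate (empty if there is none).
cert_cn() {
    [ -s "$CRT" ] || return 0
    openssl x509 -in "$CRT" -noout -subject -nameopt multiline 2>/dev/null |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if key and cert exist, the CN equals the given FQDN,
# and the certificate does not expire within the next 30 days.
cert_ok() {
    [ -s "$KEY" ] && [ "$(cert_cn)" = "$1" ] || return 1
    openssl x509 -in "$CRT" -noout -checkend 2592000 >/dev/null 2>&1
}

# Keep a matching certificate, otherwise generate a fresh key pair on THIS
# machine, so no two installations share a private key.
# Prints "kept" or "created"; returns 2 on error.
ensure_cert() {
    fqdn="$1"
    [ -n "$fqdn" ] || { echo "no FQDN available" >&2; return 2; }
    if cert_ok "$fqdn"; then echo kept; return 0; fi
    mkdir -p "$CERT_DIR" && chmod 700 "$CERT_DIR" || return 2
    ( umask 077   # private key must not be readable by other users
      openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
          -subj "/CN=$fqdn" -addext "subjectAltName=DNS:$fqdn" \
          -keyout "$KEY.new" -out "$CRT.new" 2>/dev/null ) || return 2
    # Replace the old pair only after generation succeeded.
    mv "$KEY.new" "$KEY" && mv "$CRT.new" "$CRT" || return 2
    echo created
}

# SHA-256 fingerprint, for an admin to compare out of band on first connect.
cert_fingerprint() { openssl x509 -in "$CRT" -noout -fingerprint -sha256; }

# An rc-script would call this before starting the web server, e.g.:
#   ensure_cert "$(hostname -f)"
```

Because the check runs on every service start, a hostname change via DHCP results in a new certificate for the new name on the next start.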