http://bugzilla.novell.com/show_bug.cgi?id=550395
User jdsn@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=550395#c2
J. Daniel Schmidt
The current yast2-webclient ssl certificate is self-generated. It should be replaced by something more trustworthy ...
Please define "something more trustworthy". And btw.: we are not talking about "client certificates" here - this is an authentication technology based on SSL certificates.

We could create a general server certificate or an entire CA and ship it, but this does not change the trustworthiness. To the contrary: if the certificate key file is published, everybody could decrypt the SSL traffic. So the current situation is the best I can imagine for now.

If it comes to deployment, every customer has to create his own certificate(s) for his system(s) anyway, as he can only trust a certificate he created and implemented himself and it has to match his domain name(s). We cannot do this for him. We can only help by pointing him to the yast2-ca-management module.

For his appliances he thus has to use a certificate whose CA is already part of the openssl-certs package and make sure it gets into the appliance _or_ he has to make sure that his own CA certificate file gets into the appliance.

I discussed the latter with Michael Calmer and we agreed that SLMS should not import any CA certificate automatically. As this is a step that touches the trust relationship between two systems, parties or even companies, this has to be a deliberate action.

So I recommend closing this bug as WORKSFORME or WONTFIX.