I am working out the best way to enable SSL in a new 389 directory suite setup. I found that when updating the SSL certificate, there are problems with the symmetric keys used for attribute encryption. The instructions simply say to delete those entries and have the directory create new keys on startup after a certificate update. This worries me because if there is encrypted data locked to the lost keys, wouldn't that remain unrecoverable? Is there a best practice regarding installation of SSL certificates? Should I follow the self-signed cert steps and set a long lifetime on that cert, and then separate that from the SSL connectivity certificate (which we buy from an official certificate authority)? Thanks, Russ. -- 389 users mailing list 389-users@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/389-users
