On 27/11/10 16:44, Ralf Ertzinger wrote: > Hi. > > On Sat, 27 Nov 2010 16:15:47 +0100, nodata wrote > >> I don't agree. If you are replacing a production machine, you take >> the keys from the old machine and use them. If you don't want to do >> that, you buy new, probably stronger, certificates that are also >> valid. I think your case only covers self-signed certificates. > > I agree, usually the keys from the old machine are imported into the new. > I do, however, question the usefulness of generating self signed keys > for 'localhost' or 'localhost.localdomain'. Is there any valid use > case for these? Not normally, no. localhost is a catchall for when either your hosts file is badly configured or you didn't configure networking yet. So we're back to the problem you mentioned of these things running from rpm scriptlets. Maybe the sshd approach would be better - generate at first run of the daemon? -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
