5 Jan
2010
5 Jan
'10
3:46 p.m.
Hi,
2) The certificates created are *temporary* and *not* intended for production use. As such it's always a good idea to bring this crucial fact to the attention of the person installing the server. No better way
yeah, explain the default install of Apache HTTPD with snakeoil localhost.localdomain certificate that I see oh so often ;-)
to make them aware of this than forcing them to perform a manual step. Otherwise they'll blindly think everything is hokey-dokey and deploy the server with temporary self-signed certs.
I agree with your comments though - the admin needs to know what they have installed and why/were it needs to be fixed. maybe server can log the fact its using a self-signed local/temp certificate? alan