Re-examine self-signed certificate generation
In general, it seems that any time I hear about self-signed certificates, it's because they got generated and clobbered what the SysOp actually wanted. I can think of a few options...
- Have a configuration option to allow it. This option could be set in the default configs and documented to be disabled when "something else" is used.
- Remove it and have a script that can generate one on demand, document its use and disable TLS/SSH by default.
The reading of the current cert would then need a retry/backoff mechanism of some sort and useful error messages.
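As an added sketch of the second option (not the project's own script), the helpers below generate a self-signed certificate only on demand and refuse to clobber an existing pair unless explicitly forced, and read the current cert with bounded exponential backoff and specific error messages. File names (`cert.pem`, `key.pem`), the `CN=localhost` subject and the use of the `openssl` CLI are assumptions for illustration.

```shell
#!/bin/sh
# Generate a self-signed certificate on demand, refusing to clobber an existing one.
# Usage: gen_self_signed <dir> [force]   (pass "force" to overwrite deliberately)
gen_self_signed() {
    dir=$1; force=${2:-}
    cert="$dir/cert.pem"; key="$dir/key.pem"   # assumed file names
    if [ "$force" != "force" ] && { [ -e "$cert" ] || [ -e "$key" ]; }; then
        echo "refusing to overwrite existing $cert / $key (pass 'force' to replace)" >&2
        return 1
    fi
    mkdir -p "$dir" || return 1
    # Assumed subject for illustration; use the host's real name in practice.
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 365 \
        -subj "/CN=localhost" -keyout "$key" -out "$cert" 2>/dev/null || {
        echo "openssl failed to generate $cert" >&2; return 1; }
    chmod 600 "$key"   # private key must not be world-readable
    echo "generated self-signed certificate at $cert" >&2
}

# Read the current certificate with bounded exponential backoff; each failure
# says why (missing, unreadable, or not PEM) instead of a bare "load failed".
# Usage: wait_for_cert <path> [attempts] [initial_delay_seconds]
wait_for_cert() {
    path=$1; attempts=${2:-5}; delay=${3:-1}; n=1
    while :; do
        if [ -r "$path" ] && grep -q 'BEGIN CERTIFICATE' "$path"; then
            return 0
        fi
        if [ -e "$path" ] && ! [ -r "$path" ]; then
            echo "$path exists but is not readable (check ownership/permissions)" >&2
        elif [ -e "$path" ]; then
            echo "$path exists but is not a PEM certificate (attempt $n/$attempts)" >&2
        else
            echo "$path not found (attempt $n/$attempts)" >&2
        fi
        [ "$n" -ge "$attempts" ] && { echo "giving up on $path after $attempts attempts" >&2; return 1; }
        sleep "$delay"; delay=$((delay * 2)); n=$((n + 1))
    done
}
```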