[Users] SSL in cloned VEs
Gregor at HostGIS
gregor at hostgis.com
Thu Jul 9 16:36:37 EDT 2009
> How does it work with VEs? If I install it on the VE before
> cloning, will it work on the clone directly or will I need to reissue
> certificate for each clone?

An invalid SSL certificate, even a self-signed or expired one, will
still "work" as far as encrypting data. If you're talking internal use,
and don't care about browser complaints, the SSL security is just fine
even with an invalid certificate or non-matching hostname.

The concern is the browser complaining when the hostname doesn't match
up, e.g. a certificate for https://clone-master.whatever.com/ is being
presented by https://clone1.whatever.com/ so the browser will raise the
"Invalid certificate" complaint. Your browser may let you "just accept
it" but that may not be appropriate depending on your customers/users.

If you are concerned about the certificates being valid, or at least
having the right hostname, it's best to generate them inside the VPS.
Technically, you don't even need the container running: you can chroot
and call openssl with appropriate arguments.

--
HostGIS, Open Source solutions for the global GIS community
Greg Allensworth - SysAdmin, Programmer, GIS Person, Security
Network+ Server+ A+ Security+
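
The chroot-and-openssl approach from the message above, as an added example that is not part of the original post: it issues a self-signed certificate per clone and checks which hostname the result is valid for. The function names, key size, lifetime and output directory are assumptions; ROOT would be the VE's private area on the host (for instance /vz/private/101 on a default OpenVZ layout), openssl must be installed inside the VE, and `-addext` needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example (not from the original post): per-clone certificate generation.
# Hostnames reuse the ones in the message; everything else is an assumption.

# Run a command inside the VE's filesystem. ROOT "/" means "this system",
# so the same functions also work from inside a running container.
in_root() {
    root=$1; shift
    if [ "$root" = "/" ]; then "$@"; else chroot "$root" "$@"; fi
}

# gen_cert ROOT HOSTNAME DIR
# Creates DIR/HOSTNAME.key and DIR/HOSTNAME.crt (DIR as seen inside ROOT).
# A fresh key per clone also means clones do not share the master's
# private key, which a certificate installed before cloning would copy.
gen_cert() {
    root=$1 host=$2 dir=$3
    ( umask 077   # key file readable by owner only
      in_root "$root" openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
          -subj "/CN=$host" -addext "subjectAltName=DNS:$host" \
          -keyout "$dir/$host.key" -out "$dir/$host.crt" ) 2>/dev/null
}

# cert_matches ROOT CERTFILE HOSTNAME
# Succeeds only if CERTFILE is valid for HOSTNAME, i.e. the check a
# browser performs before raising its hostname-mismatch warning.
cert_matches() {
    in_root "$1" openssl x509 -in "$2" -noout -checkhost "$3" \
        | grep -q "does match certificate"
}
```

For a stopped container, call `gen_cert /vz/private/<CTID> clone1.whatever.com /etc/ssl/private` as root on the host, then point the web server inside the VE at the new files.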