Ben Laurie wrote:
>
> Adam Laurie wrote:
> >
> > John Sutton wrote:
> > > 2) What is this strange business of generating a odd named soft link to a
> > > key file:
> > >
> > > dd948bac.0 -> ../SSLconf/conf/httpsd.pem
> > >
> > > Is this necessary? desirable? why?
> >
> > Necessary? No.
> >
> > Desirable? Depends.
> >
> > The soft link allows the server to find the relevant CA cert, quickly.
> > This is only an issue if you have a lot of certs. The bottom line is
> > your server will function OK without it.
>
> Not quite. If it needs to look up a CA, the link is required. However,
> for a server cert, it doesn't need the CA.
Errr... No, I stand by my original statement, and have just conducted a
little experiment, as follows:
1. Go to CA/client-cert protected server.
2. Remove all '.0' files.
3. Restart server.
4. Authenticate.
5. Say 'Nyah nyah nyah, told ya so!', in a brotherly kind of way, very
publicly. :)
(For those of you that are beginning to wonder why Ben and I sometimes
have such differing opinions about this stuff despite the fact that we
both work for the same company, I should explain that he is a
programmer, and is therefore viewing the world through some bizarre
object-oriented reality distortion module, while I am a sysadmin, and am
therefore following the True and Righteous Path of Crystal Clarity and
User Friendliness(tm)...) ;> </FLAMEBAIT>
cheers,
Adam
--
Adam Laurie Tel: +44 (181) 742 0755
A.L. Digital Ltd. Fax: +44 (181) 742 5995
Voysey House
Barley Mow Passage http://www.aldigital.co.uk
London W4 4GB mailto:adam@algroup.co.uk
UNITED KINGDOM PGP key on keyservers