[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: SSL
From: |
Jan-Henrik Haukeland |
Subject: |
Re: SSL |
Date: |
11 Oct 2002 18:57:23 +0200 |
User-agent: |
Gnus/5.0808 (Gnus v5.8.8) XEmacs/21.4 (Civil Service) |
Christian Hopp <address@hidden> writes:
> > > What do you think... should I commit?
> >
> > I'm not sure I got all that. Do you mean that monit should only accept
> > connections to its http server if the client sends a valid ca signed
> > certificate? I'm not sure, maybe, probably. The safest is to leave it
> > as a monitrc configure option. (Since not all have a CA signed cert
> > and will have to make up their own it could be a problem for a monit
> > client to speak with a monit daemon over SSL to get status and such)
> >
>
> This only happens if you turn on client pem files. If not monit
> does not need any client side certificates.
I'm nitpicking but you do need a client and server cert for
encryption/decryption in a secure client/server SSL communication. But
maybe if no client pem files exist a monit client is using the same
cert as the monit daemon? (I have to read up on your new SSL code to
get this :)
> I can put a statement like "allowselfcertification" (or what ever
> term) to allow self certified certificates.
Sounds good
> Anyways, somebody should tidy up the "set httpd" statement. Because
> everything is right now order dependent. )-: Unfortunatly I go on
> vacation for the next week, if please somebody else could do me the
> favor of tiding it up. (-:
Do not be suprised if it's fixed when you get back. Have a nice
vacation and take it easy with that karate stuff :-)
--
Jan-Henrik Haukeland
- SSL, Christian Hopp, 2002/10/11
- Re: SSL, Jan-Henrik Haukeland, 2002/10/11
- Re: SSL, Christian Hopp, 2002/10/11
- Re: SSL,
Jan-Henrik Haukeland <=
- Re: SSL, Christian Hopp, 2002/10/11
- Re: SSL, rory, 2002/10/11