Changes between Version 1 and Version 2 of https-for-all
Timestamp: Nov 22, 2012, 6:06:50 PM (11 years ago)
https-for-all
v1 v2 12 12 I propose the following locations, all derived from the numeric ID of the red "web configuration" object, represented here as WEBID: 13 13 14 secret key:: `/etc/ ssl/private/member_keys/WEBID.key`15 server certificate (cert):: `/etc/ ssl/member_certs/WEBID_cert.pem`16 certificate signing request (CSR):: `/etc/ ssl/member_csrs/WEBID.csr`17 intermediate CA certs (iCAs):: `/etc/ ssl/member_certs/WEBID_intermediates.pem`18 backups:: Automatically backed-up files would go in `/etc/ ssl/mfpl-backups/` and would have the timestamp (to 1Hz precision, ISO-8601 format) of the backup prefixed to their name with a dot (e.g. `/etc/ssl/mfpl-backups/2012-05-23_03:32:55.WEBID_cert.pem`)14 secret key:: `/etc/x509/private/member_keys/WEBID.key` 15 server certificate (cert):: `/etc/x509/member_certs/WEBID_cert.pem` 16 certificate signing request (CSR):: `/etc/x509/member_csrs/WEBID.csr` 17 intermediate CA certs (iCAs):: `/etc/x509/member_certs/WEBID_intermediates.pem` 18 backups:: Automatically backed-up files would go in `/etc/x509/mfpl-backups/` and would have the timestamp (to 1Hz precision, ISO-8601 format) of the backup prefixed to their name with a dot (e.g. `/etc/x509/mfpl-backups/2012-05-23_03:32:55.WEBID_cert.pem`) 19 19 20 20 A mosh would examine its list of active web configurations from red. for each webconfig WC, with numeric ID WEBID, it would scan these files for trouble, creating or generating them as needed. … … 84 84 == mosh server changes == 85 85 86 Perhaps we want to expose `/etc/ ssl/member_csrs` directly to the web under the mosh's canonical hostname? That way we could link to them directly (or include them in an iframe) in the control panel's web UI.86 Perhaps we want to expose `/etc/x509/member_csrs` directly to the web under the mosh's canonical hostname? That way we could link to them directly (or include them in an iframe) in the control panel's web UI. 
87 87 88 88 == red changes == … … 122 122 As of yet, there are a few corner cases this scheme doesn't permit. 123 123 124 === deliberately different configurations between http and https === 125 126 some member sites may have deliberately made different choices for their web configs between http and https. This sounds like a bad idea in general to me; i don't know how many of them there are, either. Hopefully we can track those differences down and help them get normalized. 127 124 128 === CSRs that need to embed a challenge === 125 129
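Review bot: The "backups::" entry in the file-locations hunk (lines 14-18) does not say whether `WEBID.key` is among the automatically backed-up files, and `/etc/x509/mfpl-backups/` sits outside `/etc/x509/private/`. If key backups land there, the page should require the same ownership and mode on that directory as on `private/member_keys`, or send key backups to a directory under `private/`. The example name `2012-05-23_03:32:55.WEBID_cert.pem` also separates date and time with `_` where ISO-8601 uses `T`, so the text should state which form the tooling writes.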
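Review bot: In the "mosh server changes" hunk (line 86), serving `/etc/x509/member_csrs` directly puts a web root next to `/etc/x509/private/member_keys`, and the text sets no limits on what the web server may reach. CSRs carry only public material, but the proposal should say that the mapping covers that one directory only, with directory listing off and symlinks not followed, so a misconfiguration cannot expose sibling paths or enumerate every WEBID. Publishing read-only copies outside `/etc/x509` would avoid the question entirely.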
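Review bot: The new "deliberately different configurations between http and https" section (lines 124-127) names the corner case but gives no way to find the affected sites and no statement of what the scheme does with them in the meantime; the text itself says "i don't know how many of them there are". Suggest adding how those web configs will be identified (for example, a comparison of each member's http and https config in red) and whether they are skipped or normalized by the rollout. Minor style point: the paragraph starts with lowercase "some" and uses lowercase "i", unlike the surrounding sections.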