login.config to use private-CA-issued certificate

Peter Schober peter.schober at univie.ac.at
Wed Jul 31 11:11:08 EDT 2013


* David Bantz <dabantz at alaska.edu> [2013-07-31 01:48]:
> (B) may be infeasible unless there is some way to include reference
> to multiple trusted server certificates (non-obviousi to me).  

You said those server certs were issued by a private CA, I'm assuming
the same one. Why not add that private CA as a trust anchor (via
whatever mechanism) instead of adding server certs, which will break
the next time someone decides to roll over a server cert (probably
without telling you)?
-peter


More information about the users mailing list