Building production machines out-of-place, regenerating certs when a machine's identity changes, etc.

Ralf Ertzinger fedora at
Sat Nov 27 15:44:59 UTC 2010


On Sat, 27 Nov 2010 16:15:47 +0100, nodata wrote

> I don't agree. If you are replacing a production machine, you take
> the keys from the old machine and use them. If you don't want to do
> that, you buy new, probably stronger, certificates that are also
> valid. I think your case only covers self-signed certificates.

I agree, usually the keys from the old machine are imported into the new.
I do, however, question the usefulness of generating self signed keys
for 'localhost' or 'localhost.localdomain'. Is there any valid use
case for these?

More information about the devel mailing list