[Zope3-dev] Why do we distribute SSL server keys and certs?
Jim Fulton
jim at zope.com
Sat Oct 14 10:17:16 EDT 2006
I'll probably reveal my ignorance of SSL here, but it is worrisome to me
that we distribute a PEM file that contains a default server key and
certificate. This seems like an exceedingly bad idea.

We also distribute a private key to be used for sftp. (Shouldn't there
be a corresponding public key?) This seems like a very bad idea too.

The good news is that neither of these is enabled by default; however,
there are commented examples in the configuration file with comments
blithely telling people to uncomment them to get HTTPS or SFTP support,
using public "private" keys.

Am I missing something?

BTW, are there tests of the HTTPS and SFTP support?

Jim
--
Jim Fulton mailto:jim at zope.com Python Powered!
CTO (540) 361-1714 http://www.python.org
Zope Corporation http://www.zope.com http://www.zope.org