Do I need ca-certificates on my server?

 

 From:  CHYRON (DSMITHHFX)  
 To:  ALL
41025.1 
I'm running a slightly overdue update on a staging server, and it's re-doing all the "ca-certificates", an excruciatingly slow process (normally updates run about 10 minutes; this is pushing a half hour already).

I'm not doing any e-commerce on this server (ISTR testing it on it once or twice, for production elsewhere). Can I safely nuke the certificates?

Edit: Or can I prune them down to the half-dozen most commonly used (in case I need to do more testing in future)? It's done about 50 so far. And it's really starting to piss me off!  :-&

----
"Ninety percent of Americans use the Internet. The other ten percent use the banjo."

 From:  Drew (X3N0PH0N)  
 To:  CHYRON (DSMITHHFX)     
41025.2 In reply to 41025.1 
It'll be replacing them because of Heartbleed. And it'll be slow because everyone else in the world is doing the same thing.

 

 From:  CHYRON (DSMITHHFX)  
 To:  Drew (X3N0PH0N)     
41025.3 In reply to 41025.2 
Yeah, I figured. The download wasn't slow, it was the onboard re-compiling that was killer (it's on a G4 ppc). So... do I need 'em or no?


 From:  Drew (X3N0PH0N)  
 To:  CHYRON (DSMITHHFX)     
41025.4 In reply to 41025.3 
I don't know, sorry. That's a side of things I know absolutely fuck all about.

My *guess* would be that, given that it's a staging thing and I don't suppose many people will be using it, get everyone who uses it to add a security exception? And maybe self-sign as a little tiny bit of protection.

 From:  CHYRON (DSMITHHFX)  
 To:  Drew (X3N0PH0N)     
41025.5 In reply to 41025.4 
It's not a certificate for my server (which I don't run https on), it's a bunch of certificates that mostly appear to be for online transactions (e.g. Thawte, a bunch of banks, &c.). *I guess*

https://launchpad.net/ubuntu/+source/ca-certificates

"PEM files of CA certificates to allow SSL-based applications to check for the authenticity of SSL connections."


 From:  Drew (X3N0PH0N)  
 To:  CHYRON (DSMITHHFX)     
41025.6 In reply to 41025.5 
You can still self-sign. But yeah, whether it'll actually work is another matter. But then I guess you don't actually need that part to work so...?

 From:  Matt  
 To:  CHYRON (DSMITHHFX)     
41025.7 In reply to 41025.5 
You want them. CA Certificates are those used by the certificate vendors to verify other SSL certificates; they're not just used for HTTPS but lots of other SSL transports. Without up-to-date CA certificates your ability to communicate securely over SSL is as good as nonexistent.

doohicky

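The point made in the reply above, as an added example that is not part of the thread: a certificate only verifies if its issuing CA is in the local bundle, so pruning the bundle breaks verification for every peer whose issuer was dropped. Both CAs, the hostname `staging.example.test` and all file names are constructed for illustration; it assumes the `openssl` CLI, version 1.1.0 or later.

```shell
#!/usr/bin/env bash
# Added example: every CA and certificate here is constructed and throwaway.

# Create a self-signed CA named $2 in directory $1 ($1/$2.key, $1/$2.pem).
make_ca() {
  printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' \
    'x509_extensions = v3_ca' '[dn]' 'CN = placeholder' \
    '[v3_ca]' 'basicConstraints = critical,CA:TRUE' > "$1/ca.cnf"
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -config "$1/ca.cnf" \
    -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.pem" 2>/dev/null
}

# Issue a server certificate for name $3, signed by CA $2.
issue_leaf() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/ca.cnf" \
    -subj "/CN=$3" -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.pem" -CAkey "$1/$2.key" \
    -CAcreateserial -days 1 -out "$1/$3.pem" 2>/dev/null
}

# Succeeds only if cert $2 chains to a CA in bundle $1
# (the default CA directory is disabled so only the bundle counts).
chains_to() {
  openssl verify -no-CApath -CAfile "$1" "$2" >/dev/null 2>&1
}

# Build two CAs, issue a cert from one, then check it against a full bundle
# and against a "pruned" bundle that no longer contains the issuer.
ca_demo() {
  local d; d=$(mktemp -d) || return 1
  make_ca "$d" issuing-ca && make_ca "$d" unrelated-ca &&
    issue_leaf "$d" issuing-ca staging.example.test || { rm -rf "$d"; return 1; }
  cat "$d/issuing-ca.pem" "$d/unrelated-ca.pem" > "$d/full.pem"
  cp "$d/unrelated-ca.pem" "$d/pruned.pem"
  local full=fail pruned=fail
  chains_to "$d/full.pem"   "$d/staging.example.test.pem" && full=ok
  chains_to "$d/pruned.pem" "$d/staging.example.test.pem" && pruned=ok
  rm -rf "$d"
  echo "full=$full pruned=$pruned"
}

ca_demo
```

On Ubuntu the real bundle is rebuilt by `update-ca-certificates` from the entries enabled in `/etc/ca-certificates.conf`, so disabling an entry there has the same effect as the pruned bundle here for any peer that chains to it.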

 From:  CHYRON (DSMITHHFX)  
 To:  Matt     
41025.8 In reply to 41025.7 
OK, thanks. I can't remember if they were onboard the original Ubuntu server installation, a package dependency, or I deliberately installed them. Maybe they're using stronger encryption, which could explain why they seemed so slow today. Apparently they're not updated very frequently.
