Prev · NextSTR #3618: Generate self-signed certificate at start-up?

Status:4 - Pending
Priority:1 - Request for Enhancement, e.g. asking for a feature
Scope:3 - Applies to all machines and operating systems
Subsystem:Scheduler
Summary:Generate self-signed certificate at start-up?
Version: -feature
Created By:twaugh.redhat
Assigned To:mike
Fix Version:Unassigned
Update Notification:

Receive EMails Don't Receive EMails

Trouble Report Files:

No files

Trouble Report Dialog:

Name/Time/Date/Text
twaugh.redhat: 09:13 Jul 12, 2010
 
When a client first connects to a new CUPS scheduler over an encrypted connection, there is a long delay while the scheduler creates a self-signed certificate.

This can cause some clients (especially samba) to time out.

Would you consider a change that would cause the certificate to be generated as soon as the scheduler starts?
 
mike: 09:24 Jul 12, 2010
 
Potentially as an enhancement for 1.5, however we also looking at supporting multiple certificate/key pairs (one per hostname), which would complicate generating them at startup.

As for Samba, it should never trigger SSL since traffic should be going over the local domain socket and we don't normally require encryption there...