--On Thursday, August 14, 2014 12:52 PM -0700 Chris Jacobs Chris.Jacobs@apollo.edu wrote:
It's a matter of preference. Those 'huge clunky files' are easy to parse from the command line. When it's time to renew the cert, I can simply update the parts that were updated (usually just the host cert) rather than having to generate a new hash.
I understand where you're coming from, but I prefer this way. It really is easier to trace/fix/replace.
Or perhaps I'm misunderstanding you.
You don't hash host certs at all. Just CA certs. Unless the CA redoes its cert chain, you don't have to do anything when updating the host cert.
--Quanah
--
Quanah Gibson-Mount Server Architect Zimbra, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration