On Tue, Jun 09, 2015 at 01:40:00PM -0400, Warren Kumari wrote:
> Something that I have found is useful for things like this is to insert
> a large comment in the MTA config file saying something like:
> # *************************************************
> # NOTE NOTE NOTE NOTE NOTE NOTE
> #
> # Don't forget to update the TLSA record
> # when replacing this certificate, or you will
> # look like a dumdum...
> #*************************************************
> right above the smtpd_tls_cert_file = (or equivalent) line.

My inclination is to recommend placing this in the certificate file
itself (PEM certificate files can contain ignored text above the
"-----BEGIN/END...." blocks) as well as a CERT_UPDATE_README file in
the directory containing the certificate file and keys.

We can also recommend that the user insert similar text near the
certificate settings in the MTA configuration file, but we can't
do it for them. There are too many different tools for managing
the config files.

--
Viktor.
_______________________________________________
dane mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dane
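
An added example, not part of the original message: a check that reminder text placed above the PEM block leaves the certificate bytes unchanged, and that a replaced certificate no longer matches the published TLSA data. The "3 0 1" parameters (full certificate, SHA-256), the function names, the reminder wording and the stand-in certificate bytes are all assumptions made for this sketch.

```python
import base64
import hashlib
import re

# Reminder wording is constructed for this example, not taken from the thread.
REMINDER = (
    "NOTE: a TLSA record is published for this certificate.\n"
    "Update the TLSA record when replacing this file.\n\n"
)
CERT_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.DOTALL
)


def pem_wrap(der: bytes) -> str:
    """Encode DER bytes as a PEM CERTIFICATE block with 64-character lines."""
    b64 = base64.b64encode(der).decode("ascii")
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n"


def first_cert_der(pem_text: str) -> bytes:
    """Return the first certificate's DER bytes, skipping text outside the block."""
    match = CERT_BLOCK.search(pem_text)
    if match is None:
        raise ValueError("no CERTIFICATE block found")
    return base64.b64decode("".join(match.group(1).split()), validate=True)


def tlsa_3_0_1(pem_text: str) -> str:
    """SHA-256 of the full certificate: the data field of a '3 0 1' TLSA record."""
    return hashlib.sha256(first_cert_der(pem_text)).hexdigest()


def needs_tlsa_update(pem_text: str, published_hex: str) -> bool:
    """True when the deployed certificate no longer matches the published record."""
    return tlsa_3_0_1(pem_text) != published_hex.strip().lower()


# Constructed stand-in bytes, NOT real X.509 certificates; only the digest matters here.
OLD_DER = b"constructed-old-certificate-bytes" * 8
NEW_DER = b"constructed-new-certificate-bytes" * 8

if __name__ == "__main__":
    published = tlsa_3_0_1(pem_wrap(OLD_DER))          # what DNS currently holds
    annotated = REMINDER + pem_wrap(OLD_DER)           # reminder above the block
    print("annotated file still matches:", not needs_tlsa_update(annotated, published))
    replaced = REMINDER + pem_wrap(NEW_DER)            # certificate replaced, DNS not
    print("replacement needs new TLSA:", needs_tlsa_update(replaced, published))
```

Run against a real certificate file, `needs_tlsa_update` would be given the file's text and the hex data from the currently published record.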