I’m thinking about SSL and making it a lot easier to “import public keys” from the provider and so on…
First, I have many different servers (on different VMs/machines!) behind IPFire, like Apache, Glassfish and Windows Servers for internal DNS(Sec).
Changing Provider-Keys for Glassfish or Java is a horror!
But that is not enough. Every machine/software has its own implementation and it is unmanageable!
I took a look at my current settings and infrastructure:
I get a (static) IP from a leased VPN and on this it’s possible to route from the public server directly to aliases (private IPs) which IPFire can provide.
On some new domains I own, I route (iptables on the leased server) directly to IPFire’s aliases, and over time every service will have its own alias in IPFire.
But I am missing a GUI in IPFire for holding public keys for the services behind IPFire.
It would be a big help if there were a button on the alias page to import (Provider-)Keystrokes for each alias!
I know that a proxy for SSL is not really what EndP2EPSec (ref.: P2PSec) should be**, but it would make it a lot easier to handle all this SSL chaos!
**always up to the software endpoint instead of network handoff
If there is any way that anybody could implement this proxy with, in the best case, one button for each alias (import public keys for HTTPS), I would spend some money on this! Just because it is unmanageable with a medium-to-large server farm and different delivery handlers (IIS, Glassfish, Apache…)!
And it would still be a better way than using public keys at the VPN server (the leased server), because the endpoint is a little bit more at the software endpoint!
(DNS-Sec or in other words HTTPS to the leased endpoint and from there ‘only’ with a VPN route - and of course: on the leased server there is console chaos, too!)
This, I heard, many people are using - and this not only because of the large overhead of using more than one SSL layer, but because of the server-farm chaos, for an easier and more generalized integration.