Why does SSL Certificate named Snakeoil?



Nikolai D.
June 10th, 2013, 09:31 AM
Hi all,

I have already been busy for some time studying the way you set up SSL/HTTPS on Debian, because before I only did it once on CentOS. I just found some documentation online (server world), followed it, and there you go, it worked. But then when I was documenting the OCS server installation for Debian I followed different SSL cert setup docs, from the server world and from the OCS wiki. But they were both not working for me. So I suppose somewhere they could be not completely correct. They were done kind of the RedHat way. But later, searching more about this, I discovered that on Debian (supposedly the same for Ubuntu) it's done a different way, much easier with a script, and that they actually already are in place.

So now, after using the snakeoil cert and not the self-made one, it all works. But I have one curious question left now. Why is it named snakeoil? I know that snake oil in small doses can kind of be a medicine. And that too much security can be stupid and maybe even deadly. In a bureaucratic, disturbing way maybe.

But is the name connected to some story or something? Or anything else?

Thanks,
Nikolai

Lars Noodén
June 10th, 2013, 11:38 AM
Snake oil was associated in the old days with dubious substances marketed fraudulently as medicine (often in 'medicine shows'). Usually the claim was that the substance would cure anything and the magic ingredient enabling that was snake oil. The concept is carried forward into ICT, where there are many false claims of increased security, usually with MS products. Much of what is marketed as helping security is just fraudulent, being ineffectual or even harmful. In nearly all cases security has to be part of the original design because it is an ongoing process and not something which can be added on after the fact. A little searching on the net will show numerous examples.

Nikolai D.
June 10th, 2013, 01:26 PM
thx :)