From: "Steven Levine" Received: from [192.168.100.201] (HELO mail.2rosenthals.com) by 2rosenthals.com (CommuniGate Pro SMTP 5.4.10) with ESMTP id 10601975 for ecs-isp@2rosenthals.com; Thu, 15 Aug 2024 19:36:40 -0400 Received: from secmgr-va.2rosenthals.com ([50.73.8.217]:54926 helo=mail2.2rosenthals.com) by mail.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.97.1) (envelope-from ) id 1sek1A-0000000070M-0y4L for ecs-isp@2rosenthals.com; Thu, 15 Aug 2024 19:36:32 -0400 Received: from mta-201a.earthlink-vadesecure.net ([51.81.229.180]:35469) by mail2.2rosenthals.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.97.1) (envelope-from ) id 1sek18-000000005LP-00sv for ecs-isp@2rosenthals.com; Thu, 15 Aug 2024 19:36:30 -0400 DKIM-Signature: v=1; a=rsa-sha256; bh=qhaSU/JE1uM8+Eay8K0W4a51PzfNe9i4zdUhs0 N7JYk=; c=relaxed/relaxed; d=earthlink.net; h=from:reply-to:subject: date:to:cc:resent-date:resent-from:resent-to:resent-cc:in-reply-to: references:list-id:list-help:list-unsubscribe:list-unsubscribe-post: list-subscribe:list-post:list-owner:list-archive; q=dns/txt; s=dk12062016; t=1723764988; x=1724369788; b=LdKZdog7ba2EUnR41uu17wGydkf f8InlQBVizzUUhE3s2g6JWrsEKqvTxXAjFN76bCZpf9Ur0FIJ2nDIMZkDSbUCAMnnQOevvH DDxljD7IUK9cDaxMtHsjA7JCjTTYarifg91tAQ6tm+8E9VXkT7ynN/slgNNbKfrca+Qf5mC hyrMEyU5M9CH42zK3GnTI9XEdLnjsdVy7BHhN9OBGr61ztBOxhqBkVPRz22XCL/SBUYKUjZ 34ycZS5clL1R3b3Jf6P+Or+Bl52mCEPEaq7EvBsIIPWJhvqNnsg7fzXQnT2IsIBousYdMRk MspIKlT/CrQBfrUnDvg5Qd4zXXmxERA== Received: from slamain ([172.56.240.198]) by vsel2nmtao01p.internal.vadesecure.com with ngmta id 2b819566-17ec0b1fd5c464e5; Thu, 15 Aug 2024 23:36:28 +0000 Message-ID: <66be8f81.29.mr2ice.fgrirsq@earthlink.net> Date: Thu, 15 Aug 2024 16:30:09 -0700 To: "eCS ISP Mailing List" In-Reply-To: Subject: Re: [eCS-ISP] Apache HTTPS X-Mailer: MR/2 Internet Cruiser Edition for OS/2 v3.00.11.24/60 In , on 08/16/24 at 07:28 AM, "Paul Smedley" said: Hi, >> create a new-crt.pem and new-key.pem >> hardlink the existing key.pem to timestamped-key.pem >> hardlink the existing crt.pem to timestamped-crt.pem >> unlink key.pem >> unlink crt.pem >> rename new-crt.pem to crt.pem >> rename new-key.pem to key.pem >OK... there is no copy() function in klibc - so I guess I'll find an >implementation, the alternate option being to rely on the user having >cp.exe available in path and calling that. It's going to be an edge case for cp.exe not to exist on a system that would need to use uacme.exe. The system() call would fail so the condiition would not go unnoticed. You could also do create a new-crt.pem and new-key.pem rename existing key.pem to timestamped-key.pem rename existing crt.pem to timestamped-crt.pem rename new-crt.pem to crt.pem rename new-key.pem to key.pem It's not quite as safe as the method the developers chose, but the difference is negligible, IMO Steven -- ---------------------------------------------------------------------- "Steven Levine" Warp/DIY/BlueLion etc. www.scoug.com www.arcanoae.com www.warpcave.com ----------------------------------------------------------------------