By default, all SUSE Linux Enterprise Server (SLES) 10 servers include self-generated server certificates to secure data communications with the servers. These certificates are self-signed and do not comply with the X.509 RFCs. They are provided only as a stop-gap and should be replaced as soon as possible by a certificate from a trusted Certificate Authority.
Unfortunately, many organizations ignore the vulnerabilities to mischievous or even malicious attacks that are created by not replacing these temporary certificates. Some of the reasons for this are
Many administrators lack the knowledge required.
Certificate maintenance can require a significant investment of time and effort.
Obtaining third-party certificates for each server is expensive.
The problems are compounded by the fact that X.509 certificates are designed to expire regularly and should be replaced shortly before they do.
Open Enterprise Server 2 includes solutions that address each of these issues at no additional expense.
This section discusses the certificate management enhancements available in OES 2 and how simple and straightforward it is to take advantage of these.