Sebastien Marie wrote:

> > 4. With this tucked away into /etc/rc, what is the official update
> > procedure to regenerate cert.pem when adding a certificate?
> >
> > 5. where in the man pages do we note the existence of cert.local.pem?
> 
> nowhere at this stage. the diff is more a proof-of-concept asking for
> comments than something to be commited as it.

It's more of a discussion starter as to where that would potentially belong.
Maybe a new man page for cert.pem(5)?

Does it make sense making this part of /etc/rc vs calling out to a script
in /usr/libexec that does the generation of cert.pem (which a user can
run manually when making updates)?

Regards
Lloyd