On Thu, June 16, 2016 3:00 pm, Gordon Messmer wrote:
On 06/16/2016 11:23 AM, Valeri Galtsev wrote:
as the one who has to handle quite a few certificates, I only will go with certificates valid for a year, ...do I miss something?).
Yes. The tool that creates certificate/key pairs, submits the CSR, and installs the certificate is intended to be fully automated. In production, you should be running it as an automatic job.
Should I? Ooops. Not this, please. I do trust more myself installing it manually, and testing results than my buggy scripts or external tools alike (and the ability of these to keep up with possible changes on Certification Authority interface side).
As someone who handles a lot of certificates, I can't imagine why I'd want any other CA to handle my certs (excluding the EV certs).
And here we are on the same page...
Valeri
++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++