On 06/16/2016 11:23 AM, Valeri Galtsev wrote:
as the one who has to handle quite a few certificates, I only will go with certificates valid for a year, ...do I miss something?).
Yes. The tool that creates certificate/key pairs, submits the CSR, and installs the certificate is intended to be fully automated. In production, you should be running it as an automatic job.
As someone who handles a lot of certificates, I can't imagine why I'd want any other CA to handle my certs (excluding the EV certs).