[CentOS] https and self signed

Thu Jun 16 20:11:48 UTC 2016
Valeri Galtsev <galtsev at kicp.uchicago.edu>

On Thu, June 16, 2016 3:00 pm, Gordon Messmer wrote:
> On 06/16/2016 11:23 AM, Valeri Galtsev wrote:
>> as the one who has to handle quite a
>> few certificates, I only will go with certificates valid for a year,
>> ...do I miss something?).
> Yes.  The tool that creates certificate/key pairs, submits the CSR, and
> installs the certificate is intended to be fully automated.  In
> production, you should be running it as an automatic job.

Should I? Ooops. Not this, please. I do trust more myself installing it
manually, and testing results than my buggy scripts or external tools
alike (and the ability of these to keep up with possible changes on
Certification Authority interface side).

> As someone who handles a lot of certificates, I can't imagine why I'd
> want any other CA to handle my certs (excluding the EV certs).

And here we are on the same page...


Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247