On 06/16/2016 11:23 AM, Valeri Galtsev wrote: > as the one who has to handle quite a > few certificates, I only will go with certificates valid for a year, > ...do I miss something?). Yes. The tool that creates certificate/key pairs, submits the CSR, and installs the certificate is intended to be fully automated. In production, you should be running it as an automatic job. As someone who handles a lot of certificates, I can't imagine why I'd want any other CA to handle my certs (excluding the EV certs).