W3C home > Mailing lists > Public > whatwg@whatwg.org > January 2011

[whatwg] whatwg Digest, Vol 82, Issue 10

From: timeless <timeless@gmail.com>
Date: Thu, 6 Jan 2011 15:09:17 +0200
Message-ID: <AANLkTiksUZkqXHyUyboqu93ZAVKx1BLuLg9EbF6FUsPQ@mail.gmail.com>
On Thu, Jan 6, 2011 at 1:54 AM, Aryeh Gregor <Simetrical+w3c at gmail.com> wrote:
> * If your cert expires or you misconfigure the site something else
> goes wrong, all your users get scary error messages.

This isn't limited to SNI. I saw one server which had its certificate
expire at the end of Dec 30, 2010 (i.e. it was expired the morning of
the last day of last year). Renewing certificates is scheduled
maintenance which needs to be done and *planned for* anyway.

I'm kinda surprised that servers and CAs don't have better support for
reminding admins of this stuff.

I know for mozilla.org, nagios is responsible for warning admins.

The odd thing (to me) is that CAs make money selling certs, so one
would expect them to want to sell the renewed cert and get that new
booking by selling the new cert say 3-6 months before the old one
expires. And thus they're actually being customer oriented, providing
a useful service (possibly telling the customer about expired certs
they issued which are still running...).
Received on Thursday, 6 January 2011 05:09:17 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:29 UTC