- From: timeless <timeless@gmail.com>
- Date: Thu, 6 Jan 2011 15:09:17 +0200
On Thu, Jan 6, 2011 at 1:54 AM, Aryeh Gregor <Simetrical+w3c at gmail.com> wrote: > * If your cert expires or you misconfigure the site something else > goes wrong, all your users get scary error messages. This isn't limited to SNI. I saw one server which had its certificate expire at the end of Dec 30, 2010 (i.e. it was expired the morning of the last day of last year). Renewing certificates is scheduled maintenance which needs to be done and *planned for* anyway. I'm kinda surprised that servers and CAs don't have better support for reminding admins of this stuff. I know for mozilla.org, nagios is responsible for warning admins. The odd thing (to me) is that CAs make money selling certs, so one would expect them to want to sell the renewed cert and get that new booking by selling the new cert say 3-6 months before the old one expires. And thus they're actually being customer oriented, providing a useful service (possibly telling the customer about expired certs they issued which are still running...).
Received on Thursday, 6 January 2011 05:09:17 UTC