Also be aware of the caveat that if you have a VIP with SSL termination behind it (i.e. on the hosts) and the CN points to the VIP you will be hitting only one of the many servers when doing verification. Same story with geo load balancing.
It gets worse with active-passive deployments since you may change the active (which you are probing) and when it fails and you automatically fall back to the backup you may find it with broken certificates. So make sure you test all resources that have the certificate and not just the resource that the CN resolves to. Cheers, Krassi On Thu, May 23, 2013 at 8:18 AM, Moritz <[email protected]> wrote: > A generic solution is any kind of scheduler/calendar/reminder, right? Or > what kind of tool to you imagine, and how is that specific to "crypto"? > > On 23.05.2013 16:05, Hans-Joachim Knobloch wrote: > > Dear all, > > > > is anyone of you aware of a (preferably open source) tool that keeps a > > database of certificates and sends e-mail reminders about the impending > > expiry (and hence the probable necessity of a renewal) to configurable > > e-mail address of the respective responsible person? > > > > Regards, > > Hans-Joachim. > > > _______________________________________________ > cryptography mailing list > [email protected] > http://lists.randombit.net/mailman/listinfo/cryptography >
_______________________________________________ cryptography mailing list [email protected] http://lists.randombit.net/mailman/listinfo/cryptography
