Hi Folks,
As someone who is currently dealing with this - replacing unexpired
certificates (to the Digicert Intermediate/CA from the Symantec CA) for our F5s
and back-end servers, I can tell you that this is a pain in my butt. Can't
renew while replacing unless within 90 days of expiration, so you have to
replace and then renew in some cases. Not too bad for internal stuff, but not
fun for external parters due to the coordination involved.
Near as I can tell from the information I getting (from Symantec and
others), it's not going to get better anytime soon. From what I've heard, some
folks are advocating a 90-day certificate renewal. While I don't have an issue
with that, it may make automation more important for larger enterprises.
Well, maybe it will keep me employed for a bit longer... 😊
Thanks!
BobL
-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf
Of Paul Gilmartin
Sent: Wednesday, April 4, 2018 5:14 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Security (was: Software Delivery on Tape ...) [ EXTERNAL ]
On Wed, 4 Apr 2018 15:57:02 -0700, Charles Mills wrote:
>> As for Certificate Authorities, quis custodiet ipsos custodes?
>
>Google LOL.
>https://urldefense.proofpoint.com/v2/url?u=https-3A__security.googleblo
>g.com_2017_09_chromes-2Dplan-2Dto-2Ddistrust-2Dsymantec.html&d=DwIFaQ&c
>=huW-Z3760n7oNORvLCN2eJBo4X7nIGCr9Ffht-z0f4k&r=1KMMjoSvFEwY7ZoooplFIrKc
>OeeTJVI4X6Bc3o6vdK4&m=viCmiUgiqpvJal6JWxEjJfdIBtZkBEuWqPhowJfEyzY&s=WdX
>KZvrW1WkWZcxmVv-1pngWRoNEYa6LNpqZJIga6Og&e=
>
How will that be removed from my Firefox? Routinely, with updates, or will it
be irrelevant once all servers stop relying on it? LOL.
-- gi
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to
lists...@listserv.ua.edu with the message: INFO IBM-MAIN
This e-mail transmission may contain information that is proprietary,
privileged and/or confidential and is intended exclusively for the person(s) to
whom it is addressed. Any use, copying, retention or disclosure by any person
other than the intended recipient or the intended recipient's designees is
strictly prohibited. If you are not the intended recipient or their designee,
please notify the sender immediately by return e-mail and delete all copies.
OppenheimerFunds may, at its sole discretion, monitor, review, retain and/or
disclose the content of all email communications.
----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
