Hi Folks,

As someone who is currently dealing with this - replacing unexpired certificates (to the DigiCert Intermediate/CA from the Symantec CA) for our F5s and back-end servers, I can tell you that this is a pain in my butt. Can't renew while replacing unless within 90 days of expiration, so you have to replace and then renew in some cases. Not too bad for internal stuff, but not fun for external partners due to the coordination involved.
Near as I can tell from the information I am getting (from Symantec and others), it's not going to get better anytime soon. From what I've heard, some folks are advocating a 90-day certificate renewal. While I don't have an issue with that, it may make automation more important for larger enterprises. Well, maybe it will keep me employed for a bit longer... 😊

Thanks!
BobL

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:IBM-MAIN@LISTSERV.UA.EDU] On Behalf Of Paul Gilmartin
Sent: Wednesday, April 4, 2018 5:14 PM
To: IBM-MAIN@LISTSERV.UA.EDU
Subject: Re: Security (was: Software Delivery on Tape ...) [ EXTERNAL ]

On Wed, 4 Apr 2018 15:57:02 -0700, Charles Mills wrote:

>> As for Certificate Authorities, quis custodiet ipsos custodes?
>
>Google LOL.
>https://urldefense.proofpoint.com/v2/url?u=https-3A__security.googleblog.com_2017_09_chromes-2Dplan-2Dto-2Ddistrust-2Dsymantec.html&d=DwIFaQ&c=huW-Z3760n7oNORvLCN2eJBo4X7nIGCr9Ffht-z0f4k&r=1KMMjoSvFEwY7ZoooplFIrKcOeeTJVI4X6Bc3o6vdK4&m=viCmiUgiqpvJal6JWxEjJfdIBtZkBEuWqPhowJfEyzY&s=WdXKZvrW1WkWZcxmVv-1pngWRoNEYa6LNpqZJIga6Og&e=
>
How will that be removed from my Firefox? Routinely, with updates, or will it be irrelevant once all servers stop relying on it? LOL.

-- gi

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN