On Sun, Feb 01, 2015 at 11:42:30PM +0100, li...@rhsoft.net wrote:
> >For MSAs offering service to Joe Public, sure you'll want a CA-issued
> >cert.
>
> I only referred to "the interval between expiry is long enough that I get to
> learn everything over from first principles every time I have to replace a
> cert"
Yes, I know. Certainly, if one going to have to relearn each time,
capturing the knowledge in a script or README file is a very good
IDEA. That's what I'm doing with DNSSEC key generation and key
rotation.
--
Viktor.
