thanks for the suggestions.
We are exploring the OCSP and CRL checks. It has potential.
As to getting certs from a different root, that wouldn't help us. We have no
Technical reason to keep underscored certs and are happy to get rid of them, it
is simply the effort required and the timeline
a qualification
> without clear guidance from the browsers on the risk associated with the non
> compliance.
>
> From: dev-security-policy on
> behalf of pilgrim2223--- via dev-security-policy
>
> Sent: Friday, December 7, 2018 8:26:
Thank you very much for your response!
So at the end of the day I will not get any relief from the browsers, and will
need to get an exception from my CA?
When I asked the CA they told me to take it here. Feels like the CA is where
I'm going to have to focus!
Thanks again for your time!
I need some clarification on something here
1) Why are legacy certs not being allowed to expire, and instead we are being
forced to replace in a very short window? We stopped issuing certs with
underscores as soon as our CA told us to (probably mid-September) but that
still puts me at having
