On 2011-01-06 14:09, timeless wrote:
I'm kinda surprised that servers and CAs don't have better support for
reminding admins of this stuff.
I know for mozilla.org, nagios is responsible for warning admins.
The odd thing (to me) is that CAs make money selling certs, so one
would expect them to want to sell the renewed cert and get that new
booking by selling the new cert say 3-6 months before the old one
expires. And thus they're actually being customer oriented, providing
a useful service (possibly telling the customer about expired certs
they issued which are still running...).
This is why I like StartSSL.com so much (besides the free domain and
email certs), is that the "pay" certs
are actually for the authentication/certification process, the actual
certs themselves are free, and you can issue as many certs as you need
for a certain amount of time.
Besides being cheap they also notify you a little while before the certs
run out.
I know, I know, I'm almost sounding like a ad here, but StartCom the
company behind startssl.com is leading by example here and I wish other
CA's followed suit.
--
Roger "Rescator" Hågensen.
Freelancer - http://www.EmSai.net/
