On Thu, Jan 6, 2011 at 1:54 AM, Aryeh Gregor <Simetrical+w3c at gmail.com> wrote:
> * If your cert expires or you misconfigure the site or something else
> goes wrong, all your users get scary error messages.

This isn't limited to SNI. I saw one server which had its certificate
expire at the end of Dec 30, 2010 (i.e. it was expired the morning of
the last day of last year). Renewing certificates is scheduled
maintenance which needs to be done and *planned for* anyway.

I'm kinda surprised that servers and CAs don't have better support for
reminding admins of this stuff.

I know for mozilla.org, nagios is responsible for warning admins.

The odd thing (to me) is that CAs make money selling certs, so one
would expect them to want to sell the renewed cert and get that new
booking by selling the new cert, say, 3-6 months before the old one
expires. And thus they're actually being customer-oriented, providing
a useful service (possibly telling the customer about expired certs
they issued which are still running...).

