Three months may be the new normal. That is all that LetsEncrypt is doing. Charles
-----Original Message----- From: IBM Mainframe Discussion List [mailto:[email protected]] On Behalf Of Lester, Bob Sent: Wednesday, April 4, 2018 4:29 PM To: [email protected] Subject: Re: Security (was: Software Delivery on Tape ...) Hi Folks, As someone who is currently dealing with this - replacing unexpired certificates (to the Digicert Intermediate/CA from the Symantec CA) for our F5s and back-end servers, I can tell you that this is a pain in my butt. Can't renew while replacing unless within 90 days of expiration, so you have to replace and then renew in some cases. Not too bad for internal stuff, but not fun for external parters due to the coordination involved. Near as I can tell from the information I getting (from Symantec and others), it's not going to get better anytime soon. From what I've heard, some folks are advocating a 90-day certificate renewal. While I don't have an issue with that, it may make automation more important for larger enterprises. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: INFO IBM-MAIN
