On Sun, Feb 01, 2015 at 10:32:53PM +0100, li...@rhsoft.net wrote:
> just make it once in your lifetime, create a template for default params and
> a script with minimal maintainance like for hash-method and keylength - the
> script below in any case builds a self signed PEM with key and cert as well
> as the CSR for submit to a CA
For MX hosts there is no reason to bother with public CAs, even
when the CA certs are free. Just set the expiration date a few
centuries into the future, and replace the cert when you feel the
key has been around long enough, rather than based on a pre-set
deadline.
For MSAs offering service to Joe Public, sure you'll want a CA-issued
cert.
--
Viktor.
