Is it necessary to generate a new SSL request each year?
Mel Flynn
mel.flynn+fbsd.questions at mailing.thruhere.net
Thu Apr 30 05:42:57 UTC 2009
On Thursday 30 April 2009 01:05:50 Robert Huff wrote:
> Dan Nelson writes:
> > > When buying a new SSL cert, I've been generating a new
> > > request each year... I am just about to buy another and it
> > > occurred to me that I'm entering the same info. Do I really
> > > need a new request file each year? Or can I just reuse the
> > > same one (presuming none of the info has changed.)
> >
> > You can reuse the old one.
>
> I'm not an expert on these, but it was my understanding that
> certificates carry in internal "expiration date" after which the
> application may respond as it pleases.
Yes, but the *request* does not.
Also, if using openssl, just set the defaults in /etc/ssl/openssl.cnf to your
values, so you can enter through the questions.
--
Mel
More information about the freebsd-questions
mailing list