Uwe Dippel wrote:
New cert is very much in order, since by default it lasts 12 months only. If I do it now, fine. If I don't, I have to dig up the whole lot over a short period.
Well, a correcter way of doing it if you're doing self-signed certs is to create a longer-lasting root cert and use that to sign other certs, and install the root cert on the clients once.
I don't want to encourage my users to get used to clicking "Yes" on the cert warning, that partially negates the point of using SSL.
