On Sun, Feb 01, 2015 at 11:42:30PM +0100, li...@rhsoft.net wrote: > >For MSAs offering service to Joe Public, sure you'll want a CA-issued > >cert. > > I only referred to "the interval between expiry is long enough that I get to > learn everything over from first principles every time I have to replace a > cert"
Yes, I know. Certainly, if one going to have to relearn each time, capturing the knowledge in a script or README file is a very good IDEA. That's what I'm doing with DNSSEC key generation and key rotation. -- Viktor.