Re: Expired certificate

[Marsh Ray <marsh () extendedsubset com>]

On 07/23/2010 12:29 PM, Meadow wrote:
> If your organization really did have the expiration staggered at every 2
> days, then you should take a bunch of servers (grouped by
> segment/application/whatever makes sense in your environment) and renew
> all the certs on that group of servers at once, even if they aren’t all
> quite expired yet.

+1. Yeah there's no good reason to wait until the very last day.

> You should also fire your program manager.

Well, more precisely, the guy who was around three years ago.

Who is probably you, because you were promoted to be the current guy's 
boss due to your ability to complete large numbers of tasks on time. So 
you should fire yourself. Alternatively, since the current team is now 
blessed with the hard-won wisdom gained from your pioneering mistakes, 
you should raise their quotas, cut their staff, and take credit for the 
improved efficiency. Which sounds better to you?

Anyone in IT very long knows how common it is for the chickens to 
actually come home to roost on the same guy that laid 'em.

> The
> savings in labor and down-time would make up for the one-time cost of
> renewing some certs prematurely.

Still there could be some legitimate cases where it might happen. E.g.,
a paid hosting situation where the initial signup is self-service, but 
renewals are covered under some support package.

- Marsh

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/