Reply to post:

23,000 HTTPS certs will be axed in next 24 hours after private keys leak

~chrisw

Pedantic is slightly unfair for some people; sometimes they're forced to be specific and have to hand-tool everything.

Some of the systems I've recently obtained certificates for have variable implementations of CSR generation - passably OK at best, deteriorating to crude or archaic at worst. They all have annoyingly long-winded and confusing routines to obtain the CSRs. This can even be from different products in the same family from a different vendor (and not cheap, either).

If only they could be automated! Once you step away from mainstream systems or devices, it quickly becomes pot luck. Sadly not every appliance will support offline generation or key replacement to facilitate the totally automated method you espouse.

I'm with you on automation but it seems a lot of other vendors still consider certificates an afterthought.

Heck, several of the appliances can ONLY generate CSRs which will always flag as invalid due to them not even having the CN as a SAN. And this is latest firmwares etc. Not much hope for the dream of total automation just yet...
