just wanted to share something with you quickly folks,
imaging you've got 1y running wildcard cert on your All-In-One Standalone Appliance (R80.10 certainly) and when the cert is due nearly 14 days before you receive the notification from your CA. All good fine and then, you renew it with CA, pay the fee (in my case it was 116 USD for 2y) and you've got to face another quite easy but tricky challenge:
1. should I renew my *.domain by Dash?
2. should I renew my *.domain by Bash?
3. should I make it from scratch with new CSR, KEY and new CA etc ?
3. or should I rather make it completely automated as CP suggest in few sk's and do it via Dash from GW object?
I wonder what you prefer and have you ever faced similar challenge yourself with small or larger scale in your env.?
Just so you know I've picked option 3 and did that much much quicker doing it like I did year ago - this time I have a peace of mind for 2y hence my concerns whether it is worth it to do that "properly" with full control from bash, then import p12 to Dash and all done or ... pick another more "best practice" way? Bear in mind that some of the CAs does not support CP way (from Dash gw object) hence my questioning the whole operation in general ---
WHAT APPROACH is in your opinion:
A. better (more secure)
B. quicker (less hassle)
C. operationally more relevant and adequate?
D. for just ONE or MORE Wildcards ... what's more "automated" approach?
E. Which CA gave your more and which less hassle with "renew" from Dash? (COMODO says "get off me" when I tried ...
Would really appreciate your say as always thanks in advance