Dňa 26. júna 2025 19:46:47 UTC používateľ "Fehlauer, Norbert via mailop" <[email protected]> napísal: >Hi all, > >just want to ask if there is a best practice DANE handling when not using >automatism but "normal" 1 year public certificates. Usually 3 1 1 for the >actual used certificate is fine. But having a rollover scheme is something I >don't fully understand.
Are you aware that despite of how long is cert valid, once it will expire and you will need its rollower? >Should I use the 2 0 1 Trust Anchor of the actual used certificate or should I >only publish another 3 1 1 record as soon as I get the next certificate >(usually a few days before the first one expires). IMO, awoid to use 2 x x if issuing CA is not under your control, as that cert can change without your notice. regards -- Slavko https://www.slavino.sk/ _______________________________________________ mailop mailing list [email protected] https://list.mailop.org/listinfo/mailop
