MarketConnect Digicert SSL manual renewal changes
-
ResellerChoice shared this idea 3 years ago
- Automation
- Post the first comment
4
Votes
Login to Vote
Currently for SSLs that are standalone orders or don't have a valid connection to the hosting account, whmcs reuses the old CSR to renew the certificate.
This is bad for several reasons:
1. A new CSR is pretty much required for IIS, using a cert that is generated on a old one(i.e. no longer present in the system) is possible but is a manual & lengthy process
2. Re-using CSRs is bad practice, sometimes you need to change the cert details, or key length.
3. Re-using CSRs is a security issue in case your private key is leaked.
References:
https://www.geocerts.com/support/do-i-need-a-new-csr-to-renew-my-ssl-certificate
https://www.namecheap.com/support/knowledgebase/article.aspx/9472/2217/can-i-use-my-old-csr-for-ssl-renewal
https://security.stackexchange.com/questions/131188/do-i-need-a-new-csr-for-a-certificate-renewal
We would like to see the ability to turn off the automated renewals and the ability to submit a new CSR for each renewal as well as a TODO entry for the renewal.
This is bad for several reasons:
1. A new CSR is pretty much required for IIS, using a cert that is generated on a old one(i.e. no longer present in the system) is possible but is a manual & lengthy process
2. Re-using CSRs is bad practice, sometimes you need to change the cert details, or key length.
3. Re-using CSRs is a security issue in case your private key is leaked.
References:
https://www.geocerts.com/support/do-i-need-a-new-csr-to-renew-my-ssl-certificate
https://www.namecheap.com/support/knowledgebase/article.aspx/9472/2217/can-i-use-my-old-csr-for-ssl-renewal
https://security.stackexchange.com/questions/131188/do-i-need-a-new-csr-for-a-certificate-renewal
We would like to see the ability to turn off the automated renewals and the ability to submit a new CSR for each renewal as well as a TODO entry for the renewal.
Post the first comment
Login to post a comment.