From owner-freebsd-questions@FreeBSD.ORG  Thu Apr 30 05:42:56 2009
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34])
	by hub.freebsd.org (Postfix) with ESMTP id B1A481065680
	for <freebsd-questions@freebsd.org>;
	Thu, 30 Apr 2009 05:42:56 +0000 (UTC)
	(envelope-from mel.flynn+fbsd.questions@mailing.thruhere.net)
Received: from mailhub.rachie.is-a-geek.net (rachie.is-a-geek.net
	[66.230.99.27]) by mx1.freebsd.org (Postfix) with ESMTP id 7E23B8FC1E
	for <freebsd-questions@freebsd.org>;
	Thu, 30 Apr 2009 05:42:56 +0000 (UTC)
	(envelope-from mel.flynn+fbsd.questions@mailing.thruhere.net)
Received: from sarevok.dnr.servegame.org (mailhub.rachie.is-a-geek.net
	[192.168.2.11])
	by mailhub.rachie.is-a-geek.net (Postfix) with ESMTP id 423807E837;
	Wed, 29 Apr 2009 21:42:55 -0800 (AKDT)
From: Mel Flynn <mel.flynn+fbsd.questions@mailing.thruhere.net>
To: freebsd-questions@freebsd.org
Date: Thu, 30 Apr 2009 07:42:32 +0200
User-Agent: KMail/1.11.2 (FreeBSD/8.0-CURRENT; KDE/4.2.2; i386; ; )
References: <624F45CA-1083-4DC2-8A98-DFE44B5B6CE8@identry.com>
	<20090429225158.GC91578@dan.emsphone.com>
	<18936.56654.494648.286696@jerusalem.litteratus.org>
In-Reply-To: <18936.56654.494648.286696@jerusalem.litteratus.org>
MIME-Version: 1.0
Content-Type: Text/Plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200904300742.32991.mel.flynn+fbsd.questions@mailing.thruhere.net>
Cc: John Almberg <jalmberg@identry.com>, Robert Huff <roberthuff@rcn.com>,
	Dan Nelson <dnelson@allantgroup.com>
Subject: Re: Is it necessary to generate a new SSL request each year?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Thu, 30 Apr 2009 05:42:57 -0000

On Thursday 30 April 2009 01:05:50 Robert Huff wrote:
> Dan Nelson writes:
> >  > When buying a new SSL cert, I've been generating a new
> >  > request each year...  I am just about to buy another and it
> >  > occurred to me that I'm entering the same info.  Do I really
> >  > need a new request file each year?  Or can I just reuse the
> >  > same one (presuming none of the info has changed.)
> >
> >  You can reuse the old one.
>
> 	I'm not an expert on these, but it was my understanding that
> certificates carry in internal "expiration date" after which the
> application may respond as it pleases.

Yes, but the *request* does not.
Also, if using openssl, just set the defaults in /etc/ssl/openssl.cnf to your 
values, so you can enter through the questions.
-- 
Mel