: Are there considerations for expiring SSL certs for inactive domains? I have a few domains that have effectively been "retired" though our company plans to keep them registered in perpetuity.
I have a few domains that have effectively been "retired" though our company plans to keep them registered in perpetuity.
However, soon a few of the SSL certs for the inactive domains are set to expire. Are there any security considerations for simply allowing them to expire?
Any other considerations for the actual expired cert files on the servers?
More posts by @Murray432
1 Comments
Sorted by latest first Latest Oldest Best
No, there isn't. Just let the certificates expire (don't renew them) and they'll become useless.
Note that you should also remove (at least) all A/AAAA/MX/CNAME records for your domains if you don't want users to go to old domain and get SSL certificate warnings (or invalid or outdated content) and thus get worried (lowering your reputation).
Also, if you want to retire domains much sooner (eg. domain expires before certificates) and do not want bad people (that somehow had access to your old certificates/private keys - should not happen normally, but depending on your situation may be possible - like laid off disgruntled sysadmins) to buy expired domains and impersonate you with valid SSL, you should also revoke said SSL certificates before they expire.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.