
On public TLS certificates lifetime
September 13, 2020
On September 1st, 2020, the maximum lifetime of TLS certificates signed by Public Certificate Authority got reduced to 13 months. How did we arrive here, and what’s to come? Let’s start from understanding who decides the maximum lifetime of certificates and many other limitations around them.
Who decides the TLS certificate guidelines
Ultimately, the client (often a browser or an operating system) identifies the certificate as trustable or not (based on the CA that signed it as well as many other parameters), so the client can decide which parameters to look for and which values are acceptable and which are not. This clients’ freedom makes the whole situation very messy since every client can decide their own set, and a subset of the options accepted by every client can be very small if not empty.
Read More