Sysadmin

10254 readers

2 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
!lemmy@lemmy.ml
!lemmyworld@lemmy.world
!lemmy_support@lemmy.ml
!support@lemmy.world

founded 2 years ago

MODERATORS

DarraignTheSane@lemmy.world

00Lemming@lemmy.world

L3s@lemmy.world

135

TLS Certificate Lifetimes Will Officially Reduce to 47 Days (in 2029) (www.digicert.com)

submitted 2 months ago by JRaccoon@discuss.tchncs.de to c/sysadmin@lemmy.world

34 comments fedilink hide all child comments

From today until March 15, 2026, the maximum lifetime for a TLS certificate is 398 days.

As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.

As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.

As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.

What's everyone's opinion on this? I think from a security standpoint their reasoning is valid and in many cases it's very easy to automate the renewal with ACME or something else. But there's likely gonna be legacy stuff still around in 2029 that won't be easy to automate.

you are viewing a single comment's thread
view the rest of the comments

[–] nazgul666@lemmy.world 5 points 2 months ago* (last edited 2 months ago) (3 children)

If I understand this correctly, it only affects certificates issued by public CAs (certificates for public websites, for example). So for certs issued by a company CA (e.g. for internal infrastructure), it should not apply. Can anyone confirm?

[–] ClemaX@lemm.ee 6 points 2 months ago

True. Technically the bounds for the validity period are from Jan 1, 1950 to Dec 31, 9999.

Source

load more comments (2 replies)