The validity period of newly issued SSL/TLS certificates is limited to a maximum of 398 days, starting from September 1, 2020

The SSL/TLS protocol is currently one of the most important pieces of Internet infrastructure. Without data encryption, the Internet might not have developed so quickly.

The most common form of data encryption at present is HTTPS, which runs over the transport layer security protocol and uses SSL/TLS digital certificates to ensure that user and sender information is not stolen.

Digital certificates initially had validity periods of up to 10 years, but over the past 10 years the validity period has been greatly shortened: from 8 years to 5 years, and from 5 years to 2 years.

From September 1, 2020, the validity period of a digital certificate can be at most 398 days. Why does the validity period of digital certificates keep getting shorter?

“https” by Sean MacEntee is licensed under CC BY 2.0

According to the latest rules agreed after discussion in the CA/Browser Forum (the forum of certificate issuers and browser vendors), the validity period of a digital certificate newly issued from September 1 must not exceed 398 days, or 13 months.

If a certificate with a start date on or after September 1 exceeds this limit, browsers will not trust it. An untrusted certificate means the browser refuses to load the web page, so the site cannot be browsed.

For example, a certificate that exceeds the limit triggers an ERR_CERT_VALIDITY_TOO_LONG error in Google Chrome, which means that the validity period of the certificate is longer than allowed.

Google Chrome treats this as a certificate issuance error, that is, an invalid digital certificate. Chrome will therefore refuse to load the page and will not allow users to browse it.
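The check described above, as an added example (not code from the original article or from any browser): it reads `notBefore`/`notAfter` lines in the format printed by `openssl x509 -noout -dates` and flags certificates issued on or after September 1, 2020 whose lifetime exceeds 398 days. The sample dates are constructed, and treating a lifetime of exactly 398 days as acceptable is an assumption about the boundary.

```python
import ssl
from datetime import datetime, timedelta, timezone

MAX_VALIDITY = timedelta(days=398)                          # limit stated in the article
ENFORCED_FROM = datetime(2020, 9, 1, tzinfo=timezone.utc)   # applies to certs issued from this date


def parse_openssl_dates(text):
    """Parse the notBefore=/notAfter= lines printed by `openssl x509 -noout -dates`."""
    fields = {}
    for line in text.strip().splitlines():
        key, _, value = line.partition("=")
        key = key.strip()
        if key in ("notBefore", "notAfter"):
            secs = ssl.cert_time_to_seconds(value.strip())  # locale-independent parser
            fields[key] = datetime.fromtimestamp(secs, tz=timezone.utc)
    if len(fields) != 2:
        raise ValueError("expected both notBefore and notAfter")
    return fields["notBefore"], fields["notAfter"]


def check_validity(not_before, not_after):
    """Return (status, lifetime); status is 'ok', 'too_long' or 'exempt'."""
    lifetime = not_after - not_before
    if lifetime <= timedelta(0):
        raise ValueError("notAfter must be later than notBefore")
    if not_before < ENFORCED_FROM:
        return "exempt", lifetime        # issued before the cutoff, older rules apply
    # Assumption: exactly 398 days is accepted, anything longer is rejected.
    return ("too_long" if lifetime > MAX_VALIDITY else "ok"), lifetime


def audit(inventory):
    """Map each certificate name to its status."""
    return {name: check_validity(*parse_openssl_dates(text))[0]
            for name, text in inventory.items()}


# Constructed sample inventory (not real certificates).
SAMPLES = {
    "pre-cutoff-2y": "notBefore=Aug 31 12:00:00 2020 GMT\nnotAfter=Aug 31 12:00:00 2022 GMT",
    "exactly-398d":  "notBefore=Sep  1 00:00:00 2020 GMT\nnotAfter=Oct  4 00:00:00 2021 GMT",
    "399d":          "notBefore=Sep  1 00:00:00 2020 GMT\nnotAfter=Oct  5 00:00:00 2021 GMT",
    "post-cutoff-2y": "notBefore=Sep 15 08:30:00 2020 GMT\nnotAfter=Sep 15 08:30:00 2022 GMT",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLES).items():
        print(f"{name}: {status}")
```

Certificates reported as `too_long` are the ones a browser enforcing the limit would reject, so they should be reissued with a shorter lifetime before deployment.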

Every time the CA/Browser Forum discusses reducing the validity period of certificates, the discussion is based on security considerations. In fact, most of these reductions are proposed by browser developers.

At present, browser developers hold more power, so certificate authorities can only go along with them. In fact, the authorities would prefer to be able to issue certificates with longer validity periods.