Hacking and Programming

Daily News and Weekly Tutorials

download (1)

Maximum age of SSL/TLS will be 398 days from today

The HTTPS(HTTP protocol with SSL encryption) has became standard for website from the last decade. All the major browsers will mark most of the websites without HTTPS as insecure and depending on the privacy setting some browsers say the website as unavailable.

To increase the security of the certificates from today the lifespan of new TLS certificates will be limited to 398 days, a little over a year, from the previous maximum certificate lifetime of 825 days. Apple, Google, and Mozilla are set to reject publicly rooted digital certificates in their respective web browsers that expire more than 398 days from their creation date.

The lifespan of SSL/TLS certificates has decreased remarkably over the last decade. In 2011, the Certification Authority Browser Forum , a consortium of certification authorities and vendors of browser software, imposed a limit of five years, bringing down the certificate validity period from 8-10 years. In 2015, it was cut short to three years and two years again in 2018.

According to reports Certificates issued before the enforcement date won’t be impacted, neither those that have been issued from user-added or administrator-added Root certificate authorities (CAs).”Connections to TLS servers violating these new requirements will fail,” Apple explained in a support document. “This might cause network and app failures and prevent websites from loading.”For its part, Google intends to reject certificates that violate the validity clause with the error “ERR_CERT_VALIDITY_TOO_LONG” and treat them as misissued.

some SSL certificate providers, such as Digicert and Sectigo have already stopped issuing certificates with a two-year validity. While  developers and site owners, the development is a good time to implement certificate automation using tools such as Let’s Encrypt and EFF’s CertBot, which offer an easy way to set up, issue, renew, and replace SSL certificates without manual intervention.

However managing websites with Certificates with shorter life span can be an issue for many website owners as most are business and have very little understanding of the implemented technologies for websites to work.