View Issue Details

IDProjectCategoryView StatusLast Update
0001494Main CAcert Websitecertificate issuingpublic2020-08-07 22:47
ReporterL10N Assigned To 
PriorityhighSeveritymajorReproducibilityhave not tried
Status closedResolutionduplicate 
Summary0001494: Shorten certificate lifetime to one year
Description(A) Shorten certificate lifetime to 395 days

or

(B) Allow the client/customer select the period of validity:
"valid 1 year (for websites mandatory)" 395 days
"valid 2 years (not suitable for websites)" 820 days
"valid 5 years (not suitable for websites)" 1900 days
Additional InformationThe maximum validity of certificates for proof of identity on the web will be further reduced – in the next step to one year. Apple declared that Safari will only accept certificates issued after September 1, 2020 if they are not valid for more than one year.

Now Mozilla and Google are following suit and creating facts. In the past, terms of 5 years were not unusual. Currently, certificates may still be issued for 2 years (more precisely: 825 days — i.e. plus some grace period). With the renewed tightening, Chrome, for example, delivers an ERR_CERT_VALIDITY_TOO_LONG if a certificate was issued after September 1, 2020 and is valid for more than 398 days.

see: https://blog.cacert.org/2020/06/browser-manufacturers-shorten-certificate-lifetime-to-one-year/
Tagscertificates, future, legal requirement
Reviewed by
Test Instructions

Relationships

duplicate of 0001482 newjandd Infrastructure host Limit validity period of new HTTPS certificates to one year 

Activities

There are no notes attached to this issue.

Issue History

Date Modified Username Field Change
2020-08-07 22:43 L10N New Issue
2020-08-07 22:43 L10N Tag Attached: certificates
2020-08-07 22:43 L10N Tag Attached: future
2020-08-07 22:43 L10N Tag Attached: legal requirement
2020-08-07 22:47 L10N Status new => closed
2020-08-07 22:47 L10N Resolution open => duplicate
2020-08-07 22:47 L10N Relationship added duplicate of 0001482