Be ready for the Certificate 398-Day Browser Limit

From September 1, 2020, SSL/TLS Certificates will have a maximum lifetime of 398 days. Certificates with longer lifetime can be blocked and your services unreachable.

Both Apple and Google has done public announcements that the limit will be implemented September 1.

“TLS server certificates issued on or after September 1, 2020 00:00 GMT/UTC must not have a validity period greater than 398 days.
This change will affect only TLS server certificates issued from the Root CAs preinstalled with iOS, iPadOS, macOS, watchOS, and tvOS”

https://support.apple.com/en-us/HT211025

“Beginning with Chrome 85, TLS server certificates issued on or after 2020-09-01 00:00:00 UTC will be required to have a validity period of 398 days or less. This will only apply to TLS server certificates from CAs that are trusted in a default installation of Google Chrome, commonly known as “publicly trusted CAs”, and will not apply to locally-operated CAs that have been manually configured.”
https://chromium.googlesource.com/chromium/src/+/master/net/docs/certificate_lifetimes.md

As you can see, it will not affect your already existing certificates or your own Private CA. But from now on, the recommendation is to use less than 398 days also on these solutions.

Mr T-bone

Torbjörn Tbone Granheden is a Solution Architect for Modern Workplace at Coligo AB. Certified in most microsoft technologies and over 20 years as Microsoft Certified Trainer (MCT)

You may also like...

%d bloggers like this: