Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Flyslinger2
Community Champion
‎08-20-2019 01:56 PM
‎08-20-2019 01:56 PM

Certificate Lifecycle - is a shorter lifespan better?

I've always been a proponent for tight cert expiration dates. I really don't like anything much over a year and more like 6 months.  Because many certs can be reissued auto-magically I don't sweat the shorter time spans.  Yes, PKI certs are tad different story but again, why issue a cert for 3 to 5 years when most employees only last 1.23745 years?

 

Recently the standards body for browsers proposed a change.  A big CA house did not like the new proposal. Personally, I think their reasons for keeping it longer are lame. I'm curious as to what your thoughts are.

Reply
0 Kudos
1 Reply
apbanohit
Newcomer II
‎08-20-2019 03:07 PM
‎08-20-2019 03:07 PM

Good topic and opinions, I completely agree.  I think an annual certificate upgrade is a reasonable for any organization.   Good security is not easy or cheap.

Reply
0 Kudos