Flyslinger2
Community Champion

Certificate Lifecycle - is a shorter lifespan better?

I've always been a proponent of tight cert expiration dates. I really don't like anything much over a year and more like 6 months. Because many certs can be reissued auto-magically I don't sweat the shorter time spans. Yes, PKI certs are a tad different story but again, why issue a cert for 3 to 5 years when most employees only last 1.23745 years?

 

Recently the standards body for browsers proposed a change.  A big CA house did not like the new proposal. Personally, I think their reasons for keeping it longer are lame. I'm curious as to what your thoughts are.

1 Reply
apbanohit
Newcomer II

Good topic and opinions, I completely agree. I think an annual certificate upgrade is reasonable for any organization. Good security is not easy or cheap.