For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

buulam's avatar
buulam
Icon for Admin rankAdmin
Mar 14, 2023

How's your certificate lifecycle management?

Just spotted this article, Google limiting TLS certificate validity to 90 days. https://securityboulevard.com/2023/03/google-announces-intentions-to-limit-tls-certificates-to-90-days-why-automated-...
security
Chase_Abbott's avatar
Chase_Abbott
Icon for Admin rankAdmin
Mar 14, 2023

They do this.  When you have that much browser marketshare, standards are suggestions.  Member when Chrome quietly dropped secp521r1 and broke a TON of internal CAs?  It might not have been in any NIST recommended ciphers but damn, it doesn't mean it's not in use.

The issue with this is for internal and CA's that might not be fully automated now have to drop other balls to make sure that users using Chrome don't go high and dry.

I get it, I get the need, but it's akin to forcing longer passwords. Benefit to practical risk of not having 90 day certs?  

Discuss.