Help
Technical Forum
Ask questions. Discover Answers.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Technical Forum Quicklinks: No Replies | Active-Not Solved | Recent Solutions
Custom Alert Banner

F5 AppWorld 2024 session proposal deadline extended to Friday, December 8th!

How's your certificate lifecycle management?

buulam
Community Manager
Community Manager

‎14-Mar-2023 09:30

Just spotted this article, Google limiting TLS certificate validity to 90 days.

https://securityboulevard.com/2023/03/google-announces-intentions-to-limit-tls-certificates-to-90-da...

~~~~~~~~~~~~~~~~~~
@buulam / YouTube.com/DevCentral
Labels:
0 Kudos
1 REPLY 1

Chase_Abbott
F5 Employee
F5 Employee

‎14-Mar-2023 10:22

They do this.  When you have that much browser marketshare, standards are suggestions.  Member when Chrome quietly dropped secp521r1 and broke a TON of internal CAs?  It might not have been in any NIST recommended ciphers but damn, it doesn't mean it's not in use.

The issue with this is for internal and CA's that might not be fully automated now have to drop other balls to make sure that users using Chrome don't go high and dry.

I get it, I get the need, but it's akin to forcing longer passwords. Benefit to practical risk of not having 90 day certs?  

Discuss.

Copyright © 2023 Khoros, LLC