Technical Forum
Ask questions. Discover Answers.
Showing results for 
Search instead for 
Did you mean: 
Custom Alert Banner

How's your certificate lifecycle management?

Community Manager
Community Manager

Just spotted this article, Google limiting TLS certificate validity to 90 days.

@buulam /

F5 Employee
F5 Employee

They do this.  When you have that much browser marketshare, standards are suggestions.  Member when Chrome quietly dropped secp521r1 and broke a TON of internal CAs?  It might not have been in any NIST recommended ciphers but damn, it doesn't mean it's not in use.

The issue with this is for internal and CA's that might not be fully automated now have to drop other balls to make sure that users using Chrome don't go high and dry.

I get it, I get the need, but it's akin to forcing longer passwords. Benefit to practical risk of not having 90 day certs?