Sysadmin

8607 readers

146 users here now

A community dedicated to the profession of IT Systems Administration

No generic Lemmy issue posts please! Posts about Lemmy belong in one of these communities:
[email protected]
[email protected]
[email protected]
[email protected]

founded 2 years ago

MODERATORS

[email protected]

TLS Certificate Lifetimes Will Officially Reduce to 47 Days (in 2029) (www.digicert.com)

submitted 15 hours ago by [email protected] to c/[email protected]

19 comments fedilink hide all child comments

From today until March 15, 2026, the maximum lifetime for a TLS certificate is 398 days.

As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.

As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.

As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.

What's everyone's opinion on this? I think from a security standpoint their reasoning is valid and in many cases it's very easy to automate the renewal with ACME or something else. But there's likely gonna be legacy stuff still around in 2029 that won't be easy to automate.

you are viewing a single comment's thread
view the rest of the comments

[–] enumerator4829 41 points 14 hours ago (2 children)

This will be so much fun for people with legacy systems

[–] [email protected] 16 points 14 hours ago* (last edited 14 hours ago) (2 children)

Self signed certs about to get even more popular.

[–] [email protected] 2 points 8 hours ago

Self signed certs still have to abide. It’s the browser that checks it not the issuer. Now granted in most cases you already get a non trusted warning that most sysadmins skip…

[–] enumerator4829 9 points 14 hours ago

Tony Stark was able to build his CA in a cave! With a bunch of dice!

[–] [email protected] 8 points 13 hours ago

This way it will gradually ramp up the pain tho. If they went straight to 47 days, basically the entire internet would be gone for a few days.