From today until March 15, 2026, the maximum lifetime for a TLS certificate is 398 days.
As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.
As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.
As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.
What’s everyone’s opinion on this? I think from a security standpoint their reasoning is valid and in many cases it’s very easy to automate the renewal with ACME or something else. But there’s likely gonna be legacy stuff still around in 2029 that won’t be easy to automate.
Self signed certs about to get even more popular.
Self signed certs still have to abide. It’s the browser that checks it not the issuer. Now granted in most cases you already get a non trusted warning that most sysadmins skip…
The cert is what tells the browser how long it lasts, so I’m not sure how the browser can stop you from using a 10 year self signed cert or one from your own CA
Tony Stark was able to build his CA in a cave! With a bunch of dice!