Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Certificate Monitoring. Show all posts

Companies May Now Prepare for a Shorter TLS Certificate Lifespans


Google put forth a proposal on March 3 to substantially reduce the Transport Layer Security (TLS) digital certificate's validity period from 398 days to 90 days. Apparently, this will lead to a lot of changes in how businesses manage their certificates, especially when it comes to automated processes.

The proposal made by the open-source organization that created the Google Chrome browser and Chrome OS, which is outlined in a road map titled "Moving Forward, Together," is a step forward toward assuring more dependable, resilient Web operations. However, it will require organizations to transform their certification processes.

Current State of Digital Certificate 

Over the past years, digital certificates' lifespan has decreased drastically, from five years in 2012 to just over two years in 2018 to 13 months, or 398 days, in July 2020. Particularly in a cloud-based computing environment where websites and services are continuously spun up and down to accommodate shifting needs and priorities, shorter lifespans assist in assuring the legitimacy of digital identities.

According to Google, the changes proposed will speed up the adoption of new features, such as best practices and additional security capabilities, and encourage businesses to abandon manual methods, that are filled with errors. Automation as a result would better prepare businesses for the onset of post-quantum cryptography.

A Wake-up Call for Certificate Monitoring

The Chromium Projects' proposal to the CA/Browser Forum, a grouping of certification authorities (CA), browser manufacturers, and others, would most likely go into force by the end of 2024 if it were to be accepted. The likelihood of a significantly shorter lifespan should act as a wake-up call for organizations, even though the changes are not final. The suggestion is unmistakable evidence that the rules of the game have changed, thus they need to have more control and visibility over their public keys and certificates.

Years ago, teams could obtain a certificate for something like a Web server and then essentially forget about it because certificates had a five-year lifespan. They never established a system for determining when certificates needed to be renewed or checked to see if they were about to expire, which might result in disruptions connected to certificates. Teams were eventually able to establish a routine and check for certificate expirations regularly thanks to the eventual reduction of certificate life to 398 days.

The visibility of TLS (also known as Secure Sockets Layer or SSL) certificates is crucial as businesses grow in the cloud. Additionally, teams need help managing the layered, increasingly complicated environments on the cloud. With the new validity period under consideration, the focus is now on automating the procedure.

The complete impact of Chromium Projects’ proposal is yet to be defined. It appears that there are a few unresolved issues, such as whether it may apply to the Internet of Things devices, such as, for instance, security cameras that also require certificates, or if it is restricted to simply Web servers.

Regardless of the outcome of the plan, it captures the realities of the current environment. While a shorter certificate lifespan is beneficial, businesses will need to reconsider how they will manage them effectively.