Earlier this year, at the CA/Browser Forum Spring event, Apple announced that from September 1st the validity period for public SSL/TLS certificates would be reduced from 2 years to 398 days. With this sentiment echoed by Google at the CA/Browser Summer event in June, it is now an industry-wide mandate.

Why has the certificate lifetime been reduced?

Historically, certificate lifetimes have often been debated at these forums, with the arguments in support of shorter validity periods grounded in security concerns. Amongst the benefits of shorter lifetimes is agility in reacting to any certificate-related threats. With certificates valid for shorter periods, there’s a more limited timeframe for attackers to find and exploit a vulnerability. A…