Google wants to shorten SSL/TLS certificate validity period to 90 days

Google wants to shorten the validity period of digital certificates for websites to 90 days. This puts even more focus on automated certificate management.

The duration of digital certificates has already been reduced several times. Most recently in September 2020 from two years to 13 months. Now Google wants to drastically reduce the validity period again. They give various reasons for this in an article on the Chromium Project blog. Among them are the promotion of automation, the reduction of errors in certificate issuance and the preparation for the post-quantum world.

On the one hand, digitalisation facilitates and accelerates work processes, but it also requires a higher level of security. In the course of a year, a lot changes in the business world. In order to still ensure a high level of security, shortening certificate validity periods is an effective measure. The idea behind this is that certificates valid for longer than 90 days pose a greater risk. They can potentially be misused by attackers. Shortening the lifetime of digital certificates thus reduces the risk of attacks.

However, the impact does not only affect browser manufacturers and certification authorities, which have to adjust to the new situation and, for example, a massive increase in certificate requests. Numerous companies have to renew their digital certificates more frequently. If certificate management is not automated, this results in a lot of work. Expiry dates have to be kept track of, new certificates applied for and provided, old certificates revoked. Since most companies have many certificates in use which are constantly growing in number anyway, this can no longer be done manually four times a year.

With essendi xc we offer a certificate management tool that effectively supports you through extensive automation from certificate application to deployment in the target systems. We would be happy to demonstrate our tool to you in a live demo.

The lifetime reduction of digital certificates to 90 days has not yet been finally decided. It is only a proposal of the Chrome team, which still has to be discussed in the CA/Browser Forum. A decision is expected at the end of March / beginning of April 2023. We will continue to keep you informed and prepare more detailed information.