1

Using OpenSSL, it looks like the maximum -days I can use is 11499 based on the conversation here. However, if I want to have it signed by a certification authority, how long will the maximum certification duration be?

mercury
  • That OpenSSL limit was on the end time, not the duration as such, and only for now-obsolete versions of OpenSSL on 32-bit systems; it was an instance of the 'Y2038' bug. Current OpenSSL no longer has that bug (as you could have determined by a trivial test) and most systems today are 64-bit anyway. – dave_thompson_085 Mar 10 '21 at 05:05
  • Yet creating a certificate with validity of 1000 years yields a certificate that expires in 1852 :( – Yarek T Aug 10 '22 at 10:34

1 Answer

4

As of September 1, 2020, 12 months. This was a change agreed upon by the major certificate authorities and aligns with the wishes of the browser manufacturers (Apple, Mozilla, Chrome, etc.). You can still issue self-signed certificates via OpenSSL with whatever duration you wish, but you may run into trouble with browsers accepting them.

I believe the intent behind this policy change was to force people to pay more attention to their certificates. For example (just making up durations here), if I just purchased a 3-year certificate yesterday and installed it, and a security change (such as a weak encryption algorithm) is discovered today, I would not technically HAVE to replace the certificate until 3 years from now. With the new shorter durations, I will have to replace it within 1 year.

Brandon Xavier
  • 1
    In addition, if the certificate is not to be verified by browsers, the certificate can be longer than 12 months. – garethTheRed Mar 01 '21 at 18:01
  • 1
    Fair point! Although I would suggest that the overwhelming majority of certificates purchased/obtained are intended for end user/browsing traffic. Don't know, and it's probably not of much value to bring it up or discuss it, but it wouldn't surprise me if that percentage is > 98%. – Brandon Xavier Mar 01 '21 at 18:08
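
A check in the spirit of this thread, added here as an example and not code from any poster: it reads the notBefore=/notAfter= lines that `openssl x509 -noout -dates` prints and flags a validity period over a cap, an end time past the 32-bit 'Y2038' boundary, and an end date that falls before the start date. The function names, the 398-day value used for the cap and the sample dates are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

MAX_DAYS = 398  # assumption: the answer's "12 months" as the 398-day browser cap
# Latest end time a signed 32-bit time_t can represent (the 'Y2038' boundary).
Y2038 = datetime.fromtimestamp(2**31 - 1, tz=timezone.utc)
DATE_FMT = "%b %d %H:%M:%S %Y %Z"  # e.g. "Mar  1 00:00:00 2021 GMT"


def parse_dates(text):
    """Parse the notBefore=/notAfter= lines printed by `openssl x509 -noout -dates`."""
    found = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            stamp = datetime.strptime(value.strip(), DATE_FMT)
            found[key] = stamp.replace(tzinfo=timezone.utc)
    if set(found) != {"notBefore", "notAfter"}:
        raise ValueError("need both a notBefore= and a notAfter= line")
    return found["notBefore"], found["notAfter"]


def audit(text, max_days=MAX_DAYS):
    """Return (validity in days, list of finding codes) for one certificate."""
    not_before, not_after = parse_dates(text)
    days = (not_after - not_before).total_seconds() / 86400
    findings = []
    if not_after <= not_before:
        findings.append("inverted")    # end date wrapped to before the start date
    if days > max_days:
        findings.append("too_long")    # longer than the policy cap
    if not_after > Y2038:
        findings.append("past_y2038")  # end time does not fit a 32-bit time_t
    return days, findings


# Constructed sample outputs, not taken from real certificates.
SAMPLES = {
    "one_year": "notBefore=Mar  1 00:00:00 2021 GMT\nnotAfter=Mar  1 00:00:00 2022 GMT",
    "three_year": "notBefore=Mar  1 00:00:00 2021 GMT\nnotAfter=Mar  1 00:00:00 2024 GMT",
    "long_lived": "notBefore=Jan  1 00:00:00 2021 GMT\nnotAfter=Jan  1 00:00:00 2040 GMT",
    "wrapped": "notBefore=Aug 10 10:34:00 2022 GMT\nnotAfter=Aug 10 10:34:00 1852 GMT",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        days, findings = audit(text)
        print(f"{name}: {days:.0f} days, findings={findings or 'none'}")
```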