×
INTELLIGENT WORK FORUMS
FOR COMPUTER PROFESSIONALS

Log In

Come Join Us!

Are you a
Computer / IT professional?
Join Tek-Tips Forums!
  • Talk With Other Members
  • Be Notified Of Responses
    To Your Posts
  • Keyword Search
  • One-Click Access To Your
    Favorite Forums
  • Automated Signatures
    On Your Posts
  • Best Of All, It's Free!
  • Students Click Here

*Tek-Tips's functionality depends on members receiving e-mail. By joining you are opting in to receive e-mail.

Posting Guidelines

Promoting, selling, recruiting, coursework and thesis posting is forbidden.

Students Click Here

Jobs

Verify your certificates are being issued for no more than 27 months (825 days to be exact)
2

Verify your certificates are being issued for no more than 27 months (825 days to be exact)

Verify your certificates are being issued for no more than 27 months (825 days to be exact)

2
(OP)
Certificates issued after July 1st 2019 with a validity period of greater then 825 days are going to give you a headache with the upcoming release of iOS-13, macOS-10.15 and Android-Q. Additionally, the DNS will be required in the Subject Alternate Name (SAN) extension even if the DNS matches the common name. You need to take a proactive look at your environment if using iOS and Android devices. System Manager defaults may have been changed. The validity period for certificates has changed in the CA Browser Forum spec and currently sits at 27 months.. As all vendors are becoming more security conscious they are aligning policies with public CA requirements. This may have an impact on your internal Certificate Authorities including System Manager.

RE: Verify your certificates are being issued for no more than 27 months (825 days to be exact)

You, sir, are doing the lord's work. Thank you.

RE: Verify your certificates are being issued for no more than 27 months (825 days to be exact)

https://community.letsencrypt.org/t/signed-certifi...
https://www.certificate-transparency.org/how-ct-wo...

https://support.apple.com/en-ca/HT205280

Anyone hear anything else about this?

The Apple link says that certs can be longer, but require more SCTs. I read that as meaning a 'secure certificate timestamp' is a thing the CA issuing you your cert provides in your certificate. It's another layer of validation. Instead of just being "the godaddy CA issued this cert" it also means "godaddy submitted this to the Google or whatever else certificate transparency log and got these stamps for you'.

Looks like the more stamps you got, the longer your cert can be good as far as Apple's concerned. And it might be only 15 months if you don't have enough signed cert stamps.

Red Flag This Post

Please let us know here why this post is inappropriate. Reasons such as off-topic, duplicates, flames, illegal, vulgar, or students posting their homework.

Red Flag Submitted

Thank you for helping keep Tek-Tips Forums free from inappropriate posts.
The Tek-Tips staff will check this out and take appropriate action.

Reply To This Thread

Posting in the Tek-Tips forums is a member-only feature.

Click Here to join Tek-Tips and talk with other members! Already a Member? Login

Close Box

Join Tek-Tips® Today!

Join your peers on the Internet's largest technical computer professional community.
It's easy to join and it's free.

Here's Why Members Love Tek-Tips Forums:

Register now while it's still free!

Already a member? Close this window and log in.

Join Us             Close