Google Corporation, according to the resource Dark Reading, is taking the initiative to reduce the validity period of TLS (Transport Layer Security) certificates for websites and other online communications by several times. It is expected that this will improve the security situation on the Internet and make it more difficult for attackers to carry out fraudulent activities.
In 2020, the maximum validity period for TLS certificates was limited to 13 months, or 398 days. Prior to that, it reached 27 months (825 days). And now Google is proposing to reduce the certificate renewal period to three months. As planned by Google, the new requirements can be introduced either in the form of changes to the TLS use policy, or in the format of voting on the CA / B forum (Certification Authority Browser Forum). If the new rules are adopted, companies will be forced to renew each TLS certificate four times a year.
This may not be the easiest task, given that most businesses have a lot of certificates, and their number is growing rapidly. It will be necessary to implement, if possible, fully automated systems for issuing certificates that will solve the current problems associated with the human factor. The fact is that the “manual” process can be unreliable, since it includes many operations: this is the identification of certificates that are expiring, the issuance of new ones, the revocation of old ones, and the activation of issued certificates.
Either way, the new rules could come into effect by the end of 2024. However, given the market share of the Chrome browser alone, Google can push its decision without consulting with almost anyone. Russia has a special way.
If you notice an error, select it with the mouse and press CTRL + ENTER. | Can you write better? We are always glad to new authors.