Articles I've written

Validity period of HTTPS certificates issued from a user-added CA is essentially 2 years
August 18, 2023

Since 2020, maximum lifetime of HTTPS certificates is limited to 1 year, exactly 398 days. I've previously written about the history and the reasons behind the change. But the reduced lifetime applies only to certificates issued from a public certification authority (CA) added to the operating system's or the browser's trusted root store by the vendor.

(read more…)

Maximum HTTPS certificate lifetime to be 1 year soon
February 21, 2020 (updated September 2, 2020)

In February 2020 at the CA/Browser Forum in Bratislava, Slovakia (and later officially), Apple has announced that starting September 1st, 2020, maximum TLS certificate lifetime in Safari (and probably in the whole macOS and iOS and all apps) will be just 1 year, 398 days exactly. Apple's change has been followed by both Chrome and Mozilla later that year. That's very good news. But why?

(read more…)

Disable TLS 1.0 & 1.1 today
October 16, 2018 (updated March 23, 2021)

Microsoft, Google, Apple & Mozilla announced yesterday that they're removing TLS 1.0 and TLS 1.1 protocols from Internet Explorer, Edge, Chrome, Safari & Firefox browsers in the beginning middle of 2020. Your visitors most probably don't use them already so you can disable them in your server configs today. But let's verify that first using the “Handshake Simulation” tool available in the SSL Labs Server Test.

(read more…)

All articles