Forum Discussion

Iron Contributor

Jun 30, 2020

Solved

Google Chrome limits the validity of SSL Certificates to one year

Dear Edge developers Google has recently announced to limit the validity of certificate to one year (398 days) starting in September 2020 (see https://www.certisur.com/en/google-chrome-limits-the...

certificate

https

validity

Eric_Lawrence
Jul 02, 2020
stesch79 These changes apply to certificates that are rooted to a public CA trust anchor. Certificates that are rooted to a private PKI CA (“locally-trusted anchor”) are not limited this way.

See also https://source.chromium.org/chromium/chromium/src/+/master:net/docs/certificate_lifetimes.md?q=certificate%20lifetime&ss=chromium&originalUrl=https:%2F%2Fcs.chromium.org%2F

Eric_Lawrence

Microsoft

Jul 02, 2020

stesch79 These changes apply to certificates that are rooted to a public CA trust anchor. Certificates that are rooted to a private PKI CA (“locally-trusted anchor”) are not limited this way.

stesch79

Iron Contributor

Jul 02, 2020

Eric_LawrenceThanks for the link! That's reassuring!

But what about the validity check itself? I assume Edge Chromium will also implement that check sooner or later?

Eric_Lawrence
Microsoft
Jul 02, 2020
Yes, for certificates that chain to public CAs, we will have the same check as Chrome, shipping in the same Stable version.
- ThiloLangbein
  Brass Contributor
  Aug 06, 2020
  And company internal CA‘s are not affected?
  - Eric_Lawrence
    Microsoft
    Aug 06, 2020
    ThiloLangbein - Certificates that are rooted to a private PKI CA (“locally-trusted anchor”, which is trusted only because the user or admin added it to the client) are not limited this way.
    
    It is extremely rare for a company to have an internal CA that chains back to a publicly trusted root (although it is not impossible. Microsoft has such a CA, as does at least one of the major CA companies).