Forum Discussion
Solved
Google Chrome limits the validity of SSL Certificates to one year
Dear Edge developers Google has recently announced to limit the validity of certificate to one year (398 days) starting in September 2020 (see https://www.certisur.com/en/google-chrome-limits-the...
stesch79 These changes apply to certificates that are rooted to a public CA trust anchor. Certificates that are rooted to a private PKI CA (“locally-trusted anchor”) are not limited this way.
ReadyToDiscuss
Microsoft
Microsoft
Can you please confirm on what happens to
- Mobile Applications using SSL Pinning feature.
- Installed Mobile Applications using channel encryption (using TLS based communication )
- Clients like Cisco AnyConnect using Internal CA issued User Certificate but the Target VPN Services would be Public Certificates.
Eric_LawrenceMicrosoft
MicrosoftI don’t think any of these topics are related to the TLS cert validity change.
1. Mobile Applications using SSL Pinning feature.
This isn’t a question for Microsoft but for Apple/Google. Both iOS and Android platforms will probably impose the lifetime limit for certificates across the whole OS. Pinning can be implemented in different ways, but that’s not really related to the certificate lifetime.
2. Installed Mobile Applications using channel encryption (using TLS based communication )
This is fundamentally the same question as #1.
3. Clients like Cisco AnyConnect using Internal CA issued User Certificate but the Target VPN Services would be Public Certificates.
It’s not really clear what is meant here; a User Certificate sounds like you’re talking about a Client Certificate; this change applies to TLS server certificates.
1. Mobile Applications using SSL Pinning feature.
This isn’t a question for Microsoft but for Apple/Google. Both iOS and Android platforms will probably impose the lifetime limit for certificates across the whole OS. Pinning can be implemented in different ways, but that’s not really related to the certificate lifetime.
2. Installed Mobile Applications using channel encryption (using TLS based communication )
This is fundamentally the same question as #1.
3. Clients like Cisco AnyConnect using Internal CA issued User Certificate but the Target VPN Services would be Public Certificates.
It’s not really clear what is meant here; a User Certificate sounds like you’re talking about a Client Certificate; this change applies to TLS server certificates.
Eric_Lawrence I have a similar question . We also use Cisco AnyConnect using Internal CA and issued User certificate EKU client authentication (User Template) and our VPN appliances uses internal CA as well EKU server authentication certificate (WebServer template) . Can you please confirm what happens with the validity check in this case?
Thanks
- Eric_LawrenceInternal CAs not chained to a public root do not change.
Client authentication certificates do not change.
