Jun 30 2020 06:21 AM
Dear Edge developers
Google has recently announced that it will limit the validity of certificates to one year (398 days) starting in September 2020 (see https://www.certisur.com/en/google-chrome-limits-the-validity-of-ssl-certificates-to-one-year/).
Is this already planned to be addressed in Edge Chromium?
If yes, will there be a policy to exclude certain domains from this validation?
Background: In our company we use 2-year certificates (issued by our internal PKI) and we want to understand the impact once the new validity check is available in Edge Chromium as well.
Regards,
Stephan
Jul 02 2020 09:16 AM
Solution: @stesch79 These changes apply to certificates that are rooted to a public CA trust anchor. Certificates that are rooted to a private PKI CA (“locally-trusted anchor”) are not limited this way.
Jul 02 2020 09:45 AM
@Eric_Lawrence Thanks for the link! That's reassuring!
But what about the validity check itself? I assume Edge Chromium will also implement that check sooner or later?
Jul 02 2020 11:57 AM
Aug 06 2020 12:17 PM
Aug 06 2020 12:31 PM
@ThiloLangbein - Certificates that are rooted to a private PKI CA (“locally-trusted anchor”, which is trusted only because the user or admin added it to the client) are not limited this way.
It is extremely rare for a company to have an internal CA that chains back to a publicly trusted root (although it is not impossible: Microsoft has such a CA, as does at least one of the major CA companies).
Sep 08 2020 03:00 AM
Can you please confirm on what happens to
Sep 08 2020 06:11 AM
Sep 18 2020 08:23 AM
@Eric_Lawrence I have a similar question. We also use Cisco AnyConnect with an internal CA, which issued user certificates with the client authentication EKU (User template), and our VPN appliances use the internal CA as well, with a server authentication EKU certificate (WebServer template). Can you please confirm what happens with the validity check in this case?
Thanks
Sep 18 2020 09:31 AM