Saturday, December 14, 2024
HomeCyber Security NewsGoogle to Reduce SSL Certificate Lifespan to 90 Days

Google to Reduce SSL Certificate Lifespan to 90 Days

Published on

SIEM as a Service

Recently, Google declared its plan to reduce the maximum validity for public TLS (SSL) certificates from 398 to 90 days.

Under its “Moving Forward, Together” plan, Google intended to limit the maximum public TLS certificate validity to 90 days via “future policy updates or a CA/B Forum Ballot Proposal,” a small but crucial point that should be noted.

The maximum duration of a public SSL certificate has been reduced from three years to two years to one year, and now Google has said that it plans to shorten this duration to 90 days further.

- Advertisement - SIEM as a Service

This 90-day maximum will probably be in place by the end of 2024, while the exact date is unknown.

The ecosystem will avoid complex, tedious, and error-prone issuing procedures by encouraging automation and adopting practices that reduce certificate lifetime. 

“Reducing certificate lifetime encourages automation and adopting practices that drive the ecosystem away from baroque, time-consuming, and error-prone issuance processes,” Google.

Google mentions that these changes will speed up the adoption of new security capabilities and best practices and promote the adaptability needed to switch the ecosystem to quantum-resistant algorithms quickly. 

Also, less reliance on “broken” revocation checking solutions that cannot fail-closed and hence provide insufficient protection will result from shorter certificate lifetimes. 

Moreover, the impact of unexpected Certificate Transparency Log disqualifications will be lessened with shorter-lived certificates.

In addition, Google intended to shorten domain validation reuse periods to 90 days.

 “More timely domain validation will better protect domain owners while reducing the potential for a CA to mistakenly rely on stale, outdated, or otherwise invalid information resulting in certificate mis-issuance and potential abuse,” Google.

Automation is Essential for Reducing Risk

It will be extremely challenging to manually manage the renewal and deployment of each server certificate more than four times each year, necessitating more than four times the effort that IT security personnel already have to do for an already challenging task.

Given that most businesses do not have a small number of certificates, this is a significant increase. It involves hundreds or thousands of certificates rather than a few dozen that must be handled four times annually.

Automation becomes even more important in this situation, especially as the duration of domain validation reuse and the lifespan of TLS/SSL certificates are decreasing.

Hence, IT managers should explore certificate automation options, such as CA agnostic Certificate Lifecycle Management (CLM) platforms. These solutions can aid in automatically provisioning and installing renewal and replacement certificates and detecting certificates in enterprise environments regardless of the Certificate Authority issuing them.

Ultimately, businesses need a way to scale up the automation of digital certificate lifecycles. Automation is essential for risk reduction.

Building Your Malware Defense Strategy – Download Free E-Book

Related Articles:

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every...

Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks...

Reyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi Logins

Researchers discovered multiple vulnerabilities in Ruijie Networks' cloud-connected devices. By exploiting these vulnerabilities, attackers...

New Android Banking Malware Attacking Indian Banks To Steal Login Credentials

Researchers have discovered a new Android banking trojan targeting Indian users, and this malware...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

“Password Era is Ending,” Microsoft to Delete 1 Billion Passwords

Microsoft has announced that it is currently blocking an astounding 7,000 password attacks every...

Over 300,000 Prometheus Servers Vulnerable to DoS Attacks Due to RepoJacking Exploit

The research identified vulnerabilities in Prometheus, including information disclosure from exposed servers, DoS risks...

Reyee OS IoT Devices Compromised: Over-The-Air Attack Bypasses Wi-Fi Logins

Researchers discovered multiple vulnerabilities in Ruijie Networks' cloud-connected devices. By exploiting these vulnerabilities, attackers...