One-Year Public-Trust SSL Certificates: DigiCert’s Here to Help

By now you’ve likely heard about Apple’s announcement at the February 2020 Certificate Authority/Browser Forum meeting that they will no longer accept publicly trusted TLS webserver certificates valid for longer than 398 days after Sept. 1, 2020 in the Mac OS and iOS platforms. The CA/B Forum had previously voted down an initiative to reduce […]

Position on 1-Year Certificates

Three, Two, One, Liftoff on One-Year TLS Certificates At the CA/Browser (CA/B) Forum in Bratislava, Slovakia, this week, Apple announced that beginning Sept. 1, newly issued publicly trusted TLS certificates are valid for no longer than 398 days. This followed a long history of the CA/B Forum community working to reduce certificate lifetimes and improve […]

New CA/B Forum Proposal to Shorten Certificate Lifetimes: Will It Improve Security?

A new CA/Browser Forum proposal being discussed now would shorten maximum certificate lifetimes to 13 months. This comes after lifetimes were reduced from 39 to 27 months, effective March 2018. If passed, these changes would go into effect in March 2020. This blog analyzes the merits of this proposal and how the proposed security benefit […]

DigiCert pushes underscore extension

Earlier this year, certain browsers in the CA/Browser Forum mandated that underscore certificates be revoked immediately due to new interpretations of the RFC 1034 standard that is incorporated by reference into the CA/Browser Forum Baseline Requirements. This resulted in an ongoing discussion in the CA/Browser Forum over the course of this year: should underscore certificates […]

No more unnecessary password changes for Certificate Authorities

After over a year of effort, Ballot SC3 was just unanimously passed by the CA/Browser Forum. This is the first major upgrade to the Network and Certificate System Security Requirements to come out of the Forum’s Network Security Working Group. It contains several important improvements, but one is especially important: removing the requirement that passwords […]