Over the last two months, the Apple policy announcement to reduce TLS/SSL validity periods to a maximum of 398 days has dominated many discussions we’ve had with our partners and clients.
As my colleague Bruce Morton noted in his February 25th blog about this topic, there are many implications to a reduction in certificate validity period – including increased certificate management overhead to ensure that certificates are renewed and replaced before they expire.
Dealing with 398-day validity
It’s clear that automation and certificate management best practices will be key to ensuring organizations can meet the increased demand on their IT staff in managing the certificate lifecycle.
I’ve written and spoken previously about how, now more than ever, certificate validation should be considered part of the certificate lifecycle. TLS/SSL certificates are used to encrypt online channels, but they also include several pieces of identity information for a website and the organization that operates the website. Similar to other forms of identity, such as a passport, there is a validation process that occurs before the certificate can be issued to authenticate the information contained on those certificates.
Updates to certificate validation methods
There have been a number of changes to certificate validation methods in previous years, including changes to how frequently customers must undergo re-validation of their organization and domain information. The recent announcement from Apple does not change the current validation data re-use periods, which will continue to be 27 months for Organization Validated (OV) and 13 months for Extended Validation (EV).
But what if the trend continues and the period for OV re-validation changes to be in line with the new 398-day certificate lifetime? What are the implications? What best practices should organizations be looking to put in place today around their certificate validation process to make sure they stay ahead of any potential new changes?