CA/Browser Forum’s Ballot SC31 to reduce TLS certificates to 398 days from the present 825 days.
Bruce Mitchell
Bruce_Mitchell at phoenix.com
Tue Sep 15 06:07:14 AEST 2020
The change to reduce the maximum validity period of TLS certificates to 398 days is being discussed in the CA/Browser Forum’s Ballot SC31
https://github.com/cabforum/documents/pull/195
https://blog.mozilla.org/security/2020/07/09/reducing-tls-certificate-lifespans-to-398-days/
> -----Original Message-----
> From: Bruce Mitchell
> Sent: Wednesday, February 12, 2020 09:53
> To: openbmc at lists.ozlabs.org
> Subject: bmcweb Security issue
>
> bmcweb Security issue: according to the The CA/Browser Forum
> https://cabforum.org/wp-content/uploads/CA-Browser-Forum-BR-
> 1.6.7.pdf ;
> Subscriber Certificates issued after 1 March 2018 MUST have a Validity
> Period no greater than 825 days.
>
> In bmcweb's ssl_key_handler.hpp we have:
> // Cert is valid for 10 years
> X509_gmtime_adj(X509_get_notAfter(x509),
> 60L * 60L * 24L * 365L * 10L);
>
> I believe we want this changed to the 825 days.
More information about the openbmc
mailing list