Apple recently announced a plan to significantly reduce the lifespan of SSL/TLS security certificates from 398 days to just 45 days by 2027, causing an uproar among system administrators. Many sysadmins have expressed their frustration with this proposal, citing the increased workload and manual effort required to replace certificates more frequently.
The proposal, which was revealed during the Certification Authority Browser Forum (CA/B Forum) fall meeting, aims to enhance internet security by requiring site owners to replace certificates more often. This move follows a trend in the industry of decreasing the maximum lifespan of certificates in order to prevent criminals from exploiting compromised website certificates.
While the intention behind shorter certificate lifespans is to improve overall internet security, sysadmins are concerned about the burden of managing expired certificates falling on their shoulders. Many sysadmins have taken to online forums like Reddit to voice their concerns and share their experiences with managing SSL/TLS certificates.
In addition to Apple’s proposal, Google has also been pushing for shorter certificate lifespans, with plans to reduce the maximum TLS server authentication subscriber certificate validity to 90 days. These changes have left many sysadmins feeling overwhelmed and worried about how they will manage the increased workload.
Certificate provider Sectigo, which sponsored Apple’s proposal, acknowledged that the shortened lifespans will pose challenges for busy IT security teams. The company’s Chief Compliance Officer, Tim Callan, suggested that automating certificate management will be crucial for businesses moving forward.
However, some sysadmins have raised concerns about the limitations of automation, particularly for network appliances that require SSL certificates and cannot be automated. This has led to frustrations among sysadmins who rely on manual processes to renew certificates for devices that do not support automation.
As the debate around shorter SSL/TLS certificate lifespans continues, it is clear that sysadmins are facing new challenges in managing internet security. While the industry shifts towards shorter certificate lifespans to enhance security, sysadmins will need to adapt to new requirements and find innovative solutions to efficiently manage SSL/TLS certificates in the future.
