Die maximale Laufzeit von digitalen Zertifikaten für verschlüsselte Verbindungen zu Web- und anderen Servern wird sich künftig drastisch verkürzen. Im Jahre 2029 sind diese statt mit 398 Tagen nur noch mit 47 Tagen Laufzeit ausgestattet.
Zum Artikel: https://heise.de/-10352867?wt_mc=sm.red.ho.mastodon.mastodon.md_beitraege.md_beitraege&utm_source=mastodon
happened early April, but worth sharing. Certs will only have 47 days of validity by 2029. validity lengths will progressively get shorter from march 2026 until then. Reusing domain validation material will be limited to 10 days.
IMO this is a very good thing.
this is diff to the very short validity certs that can be issued now. Lets Encrypt will offer 6 day certs by end of yr
How TCP really works: Top 3 things you need to know!
YouTube video with the amazing Chris Greer: https://youtu.be/Auwn3RWapRE
#curl 8.13.0 has been released (#libcurl / #Haxx / #DICT / #FILE / #FTP / #FTPS / #Gopher / #HTTP / #HTTPS / #IMAP / #IMAPS / #LDAP / #LDAPS / #MQTT / #POP3 / #POP3S / #RTMP / #RTMPS / #RTSP / #SCP / #SFTP / #SMB / #SMBS / #SMTP / #SMTPS / #Telnet / #TFTP / #WebSocket / #SOCKS4 / #SOCKS5 / #SCRAM / #TLS / #HTTP2 / #HTTP3) https://curl.se/
Beschlossen: Lebensdauer für #TLS-Serverzertifikate sinkt auf 47 Tage | Security https://www.heise.de/news/47-Tage-CAs-und-Browserhersteller-beschliessen-kuerzere-Laufzeit-fuer-Zertifikate-10352867.html
https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days
The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening both the lifetime of TLS certificates.
The maximum certificate lifetime is going down:
- As of March 15, 2026, the maximum lifetime for a TLS certificate will be 200 days.
- As of March 15, 2027, the maximum lifetime for a TLS certificate will be 100 days.
- As of March 15, 2029, the maximum lifetime for a TLS certificate will be 47 days.
#Freenginx 1.27.6 has been released (#nginx / #http / #http2 / #http3 / #httpd / #Web / #Webserver / #TLS / #TLS13) https://freenginx.org/
#nginx 1.27.5 (dev) has been released (#http / #http2 / #http3 / #httpd / #Web / #Webserver / #TLS / #TLS13) https://nginx.org/
Build a fortress in the realm of the clouds. #FreeBSD #GCP #GoogleCloud #OpenSource #TLS https://cromwell-intl.com/open-source/google-freebsd-tls/?s=mc
#Development #Reports
TLS certificate lifespan is going down · It will gradually drop to 47 days by 2029 https://ilo.im/163cjr
_____
#CA #TLS #Certificates #Https #Privacy #Security #Network #WebDev #Frontend #Backend
I've developed a new unofficial metric for #burnout: what percentage of the images you've downloaded or created recently would qualify as shitposting.
Here are some of mine from the last month:
La durée de vie des certificats #TLS sera officiellement réduite à 47 jours, car les informations contenues dans les certificats deviennent de moins en moins fiables au fil du temps
https://securite.developpez.com/actu/371068/La-duree-de-vie-des-certificats-TLS-sera-officiellement-reduite-a-47-jours-car-les-informations-contenues-dans-les-certificats-deviennent-de-moins-en-moins-fiables-au-fil-du-temps/
Nur noch 47 Tage:
#Gültigkeit von #TLS - #Zertifikaten wird drastisch verkürzt
Ab 2029 dürfen #TLS-Zertifikate statt 398 nur noch höchstens 47 Tage lang gültig sein. Der von #Apple eingereichte Vorschlag hat breite Zustimmung erhalten.
Das #CA / #Browser #Forum hat beschlossen, die maximale Gültigkeitsdauer digitaler Zertifikate für den verschlüsselten Datenaustausch via #SSL / #TLS von aktuell 398 auf deutlich geringere 47 Tage zu reduzieren.
Oh hey, CAA records really work 
Switched one site from paid TLS certificate to LetsEncrypt and forgot to update DNS record. As expected, LetsEncrypt looks at and refuses to issue a certificate if CAA lists other issuer. Nice 
So it's official: TLS certificate lifetimes will reduce from the current max of 398 days to:
* 200 days in March 2026
* 100 days in March 2027
* 47 days in March 2029
For web servers/proxies etc. it's reasonably simple, at least for smaller orgs but for e.g. network kit it might be more of a challenge. Having a timeframe to aim at definitely focusses the mind!
Via @riskybiz / https://risky.biz/risky-bulletin-ca-b-forum-approves-47-day-tls-certs/
Specific schedule:
March 15, 2026 - Cert validity (and Domain Control Validation) limited to 200 days.
March 15, 2027 - Cert validity (and Domain Control Validation) limited to 100 days.
March 15, 2029 - Cert validity limited to 47 days and Domain Control Validation limited to 10 days.
There's gonna be a lot of complaints about this in change control meetings over the next year200 days.
Buckle up, kids. Automate your certificate rotations or die trying. WebPKI certificate validity period will be 47 days by 2029. https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/
TLS Certificate Lifetimes Will Officially Reduce to 47 Days
https://www.digicert.com/blog/tls-certificate-lifetimes-will-officially-reduce-to-47-days
TLS certificate lifespan to go down to 47 days on 15 March 2029. It starts to go down to 200 days on 15 March 2026.
https://www.bleepingcomputer.com/news/security/ssl-tls-certificate-lifespans-reduced-to-47-days-by-2029/
- - -
La validité des certificats TLS descendra à 47 jours à compter du 15 mars 2029. Cela commencera à 200 jours à compter du 15 mars 3026.
// Article en anglais //
SSL/TLS Certificate Lifespans Slashed to 47 Days: A New Era of Security Management
The CA/Browser Forum's decision to reduce SSL/TLS certificate lifespans to just 47 days by 2029 marks a pivotal shift in cybersecurity practices. This change aims to enhance security by minimizing ris...
⁂ 
