Remember when SSL certificates used to last three whole years? Then came the drop to one year. Painful, right? Well… brace yourself. By 2029, your SSL/TLS certificates will only last 47 days. Yes, just 47 days, and no, this isn’t a drill, and now the certificate expires eight times faster.This change is official. It’s not speculation. It’s not a tech blog rumor. It’s CA/B Forum approved, backed by the same group that sets the global standards for web security. And it’s going to impact everyone, whether you’re running a personal blog, an eCommerce empire, a small startup, or a global enterprise.The shorter lifespan of certificates improves security, reduces vulnerability, and promotes the adoption of automation certificate lifecycle management.
>>108204681>The shorter lifespan of certificates improves security, reduces vulnerability, and promotes the adoption of automation certificate lifecycle management.Yes that's correct, this is a good thing. As long as root certificates remain long-lived, there's no problem with this.
>>108204681This is going to be a lot of fun for companies managing the deployment of applications where customers or different subcontractors manage the domain's certificate. Shit is going to get soooo--- fucked up if they have to jump through the retard-wrangling hoops of ensuring the certificates are in order, every fucking month.
Bullshit, I can still buy certificates to whatever lenght I want, only letscrypt cert on my homelab have like 3 month renewal cycle
>>108204681Is this why Shitlab keeps expiring my personal access tokens?
>>108204790Your long lived certs will be flagged as insecure and invalid by browsers and clients, that's what this change actually means. Every browser and client will have to be configured to ignore "insecure" certs in order to use those.>Wow, we're so much more secure now that everybody is skipping cert validation completely
phones ruined everything. a residential proxy can shit up everything. they have to make the cert shorter than a phone bill.
Certs were a workaround, never a solution. Now we have workarounds for the workarounds for the workarounds because security theater is big business
>>108204681I have this sneaking feeling that every transactional operation is going to require API key requests bia OAUTH2 and its going to be a massive pain in the ass for me. Tesla already tried pulling this shit which is why I moved to AS2.
>>108204681Literally everything but Lets Encrypt is a scam. They're fucking required to even run a website.
>>108204681I don't know why you pasted that AI slop explanation of it here, but yes it's a good thing. It should have almost no impact assuming you have a reasonable cert renewal system in place.
>>108204681you have alerted the bots
>>108205512it's all his fault.If he didn't attentionwhore, then we wouldn't have to deal with this encryption crap
>>108204681kek, in my company (9000ish people) we're really bad a keeping certs updated. Even Google and Microsoft fuck this up. What a shit show
