Google has recently announced a significant change in its approach to TLS certificates, also known as SSL certificates [2]. This decision comes as a response to Apple’s earlier announcement that it would no longer recognize certificates with validity periods exceeding 398 days. Notably, other major browser vendors [1] [2], including Mozilla [1], Google [1] [2], and Microsoft [1], have also adopted this policy [1]. The objective of this change is to address the growing sophistication of cybercriminals and the need for more frequent security updates [2].
Description
Google has made the decision to adopt a 90-day lifespan for TLS certificates, aligning with the new industry standard. This change is a direct result of Apple’s decision to limit the recognition of certificates with longer validity periods. By shortening the lifespan of TLS certificates, Google aims to enhance cybersecurity measures and ensure more timely security updates.
The significance of this change should not be underestimated. Expired TLS certificates not only pose a cybersecurity risk but can also lead to service outages and hinder business transactions [2]. Therefore, it is crucial for companies to stay vigilant and keep their certificates up to date.
Conclusion
Google’s decision to adopt a 90-day lifespan for TLS certificates is likely to have a ripple effect throughout the industry. Other companies are expected to follow suit, recognizing the importance of more frequent security updates in the face of increasingly sophisticated cybercriminals.
This change will undoubtedly have a positive impact on cybersecurity, reducing the risk of potential breaches and ensuring the smooth operation of online services. However, it also places a greater responsibility on organizations to stay proactive in managing their certificates and keeping them up to date.
In conclusion, Google’s proactive approach to enhancing security measures sets a precedent for the industry. By adopting a shorter lifespan for TLS certificates, companies can better protect themselves and their customers from cyber threats. It is crucial for organizations to stay informed and adapt to these changes to maintain a secure online environment.
References
[1] https://www.appviewx.com/blogs/tls-certificate-lifespans-now-capped-at-13-months/
[2] https://www.darkreading.com/attacks-breaches/5-ways-to-prepare-google-90-day-tls-certificate-expiration
