Mozilla Joins Apple, Google in Reducing TLS Certificate Lifespans

Mozilla is the latest browser maker to have announced updated policies that would reduce the lifetime of TLS (Transport Layer Security) certificates.


Currently, SSL/TLS certificates have a maximum lifespan of 825 days, but, in an attempt to ensure better protection of HTTPS connections, browser makers such as Apple, Google and Mozilla are looking into reducing that period to 398 days.


Apple was the first to make a move in this direction, by announcing earlier this year that, starting September 1, 2020, TLS server certificates should have a validity period of up to 398 days.


“This change will affect only TLS server certificates issued from the Root CAs preinstalled with iOS, iPadOS, macOS, watchOS, and tvOS. Additionally, this change will affect only TLS server certificates issued on or after September 1, 2020; any certificates issued prior to that date will not be affected by this change,” Apple said.


Last month, it was revealed that Google too will impose the limit in Chrome, also starting September 1, 2020. The company will reject certificates that violate the policy.


Now, Mozilla says that it too is ready to join the fray, explaining that the move will bring numerous security and privacy benefits: certificates using outdated or weak algorithms will be phased out faster, there will be fewer disruptions, and exposure diminished. Furthermore, certain impersonation attacks will likely be mitigated this way.


The browser maker says it will update its Root Store Policy to impose the limitation regardless of whether the CA/Browser Forum’s
Support the originator by clicking the read the rest link below.