Major Web Browsers Reducing Validity of SSL/TLS Certificates to 398 Days

book

Article ID: 195822

calendar_today

Updated On:

Products

Clarity PPM On Premise

Issue/Introduction

Major web browsers, such as Google Chrome, Mozilla Firefox, Microsoft Edge (based in Chromium) and Apple Safari, will be requiring SSL/TLS certificates to have a validity period of 398 days or less starting September 1st, 2020.

Certificates that have been issued on or after September 1st, 2020 with longer validity will be flagged by the browser and treated as invalid/misissued (depending on browser and version, error messages such as ERR_CERT_VALIDITY_TOO_LONG will be displayed).

Cause

This is not a Clarity issue but a browser vendor decision to limit validity of certificates.

Resolution

If you are experiencing this issue when accessing Clarity via HTTPS, contact your Certification Authority and make sure that the validity of your certificate is 398 days or less and update your certificate in Clarity.

As some years might have leap seconds, and validity has been defined as exactly 86,400 seconds or less, your certificate should have a validity of 397 days or less.

Additional Information

Clarity PPM - Configuring HTTPS: https://knowledge.broadcom.com/external/article?articleId=9783

Chromium (Google Chrome, Microsoft Edge based in Chromium...): https://source.chromium.org/chromium/chromium/src/+/master:net/docs/certificate_lifetimes.md

Mozilla: https://blog.mozilla.org/security/2020/07/09/reducing-tls-certificate-lifespans-to-398-days/

Apple: https://support.apple.com/en-us/HT211025