Beginning with Chrome 85, TLS server certificates issued on or after 2020-09-01 00:00:00 UTC will be required to have a validity period of 398 days or less.

The Chrome official announcement is available here

What does it mean for Web Isolation?

1. This is not an issue for version 1.14
2. For versions 1.13 / 1.12 / 1.11:
   • This is an issue if a new gateway is added to the environment on or after 2020-09-01
   • We have created a patch allowing customers to overcome this. The patch changes the default certificate-signing lifetime to be 1 year.

Patch instructions

1. Download the patch to the management machine:
   wget https://fgl-fileserver.s3-eu-west-1.amazonaws.com/cert_398.sh
2. Change file permissions:
   chmod +x ./cert_398.sh
3. Run the patch as root:
   sudo ./cert_398.sh