search cancel

Impact of Chrome 85 TLS certificate lifetime changes on Web Isolation


Article ID: 198176


Updated On:


Web Isolation Web Isolation Cloud


Beginning with Chrome 85, TLS server certificates issued on or after 2020-09-01 00:00:00 UTC will be required to have a validity period of 398 days or less.

The Chrome official announcement is available here



What does it mean for Web Isolation?

  1. This is not an issue for version 1.14
  2. For versions 1.13 / 1.12 / 1.11:
    • This is an issue if a new gateway is added to the environment on or after 2020-09-01
    • We have created a patch allowing customers to overcome this. The patch changes the default certificate-signing lifetime to be 1 year.


Patch instructions

  1. Download the patch to the management machine:
  2. Change file permissions:
    chmod +x ./
  3. Run the patch as root:
    sudo ./