ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Impact of Chrome 85 TLS certificate lifetime changes on Web Isolation


Article ID: 198176


Updated On:


Web Isolation Web Isolation Cloud Threat Isolation Gateway


Beginning with Chrome 85, TLS server certificates issued on or after 2020-09-01 00:00:00 UTC will be required to have a validity period of 398 days or less.

The Chrome official announcement is available here



What does it mean for Web Isolation?

  1. This is not an issue for version 1.14
  2. For versions 1.13 / 1.12 / 1.11:
    • This is an issue if a new gateway is added to the environment on or after 2020-09-01
    • We've created a patch allowing customers to overcome this. The patch changes the default certificate signing lifetime to be 1 year.


Patch instructions

  1. Download the patch to the management machine:
  2. Change file permissions:
    chmod +x ./
  3. Run the patch as root:
    sudo ./