You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
To comply with rule set forth with ballot 193, CA's will now require SSL certs to be regenerated if they are purchased for terms beyond 825 days. My CA requires regeneration after 2 years. If I purchased an SSL Cert for 3+ years, I do not need to purchase a renewal, but I must regenerate the SSL cert at 2 years.
It should be distinguished in DomainMOD to which certificates need a purchase renewal, or just a regeneration renewal.
Proposal
"SSL Certificate Expiration" indicates when the installed SSL Certificate expires and must be renewed.
DomainMOD should support an additional attribute that is named something like "SSL Certificate Order Expiration".
Order Expiration could be left empty and default to Certificate Expiration. With this additional attribute, however, we can determine if we need to purchase a SSL renewal, or just regenerate a renewal without additional purchase.
Thanks for posting this! I hadn't heard about this before, but I'll investigate and figure out how things can be tweaked with DomainMOD to accommodate.
To comply with rule set forth with ballot 193, CA's will now require SSL certs to be regenerated if they are purchased for terms beyond 825 days. My CA requires regeneration after 2 years. If I purchased an SSL Cert for 3+ years, I do not need to purchase a renewal, but I must regenerate the SSL cert at 2 years.
It should be distinguished in DomainMOD to which certificates need a purchase renewal, or just a regeneration renewal.
Proposal
"SSL Certificate Expiration" indicates when the installed SSL Certificate expires and must be renewed.
DomainMOD should support an additional attribute that is named something like "SSL Certificate Order Expiration".
Order Expiration could be left empty and default to Certificate Expiration. With this additional attribute, however, we can determine if we need to purchase a SSL renewal, or just regenerate a renewal without additional purchase.
Ballot 193 limits maximum lifetime for OV and DV certificates to about 27 months.
https://cabforum.org/2017/03/17/ballot-193-825-day-certificate-lifetimes/
The text was updated successfully, but these errors were encountered: