[jstrom]

If I'm reading the post right, it's stricter than that:

> ...distrusting certificates whose validity period (the difference of notBefore to notAfter) exceeds the specified maximum.

I.e., a certificate valid from 1/2015..1/2019 is distrusted as of Chrome 59.

And the more lax restrictions only apply to certificates that have already been issued. Any one issued after Chrome 61 are held to the highest (9 mo) limit.

> In addition, we propose to require that all newly-issued certificates must have validity periods of no greater than 9 months (279 days) in order to be trusted in Google Chrome, effective Chrome 61.

[zie]

I agree with the newly issued certs. The other, that's going to be painful, and a mess to figure out, if you are right.. and that's quite possible that you are. UGH.

EDIT: Update, I'm not sure you are correct, I just downloaded the latest dev release (Version 59.0.3047.0 (Official Build) dev (64-bit)) and it accepts a rapidssl issued(symantec owned) cert valid for 1187 days, which would exceed the 1023 days.

It's also possible it just hasn't made it into the release yet, I'll have to keep like a daily eye on this, and plan to replace much much sooner just in case.

[hsivonen]

> It's also possible it just hasn't made it into the release yet,

The proposal was just made, so you shouldn't expect it to be reflected in code just yet.