by norenh 1766 days ago
The bound is basically set by the CA/Browser Forum [1], where the current baseline requirements [2] stipulate:

"6.3.2 Certificate operational periods and key pair usage periods

Subscriber Certificates issued on or after 1 September 2020 SHOULD NOT have a Validity Period greater than 397 days and MUST NOT have a Validity Period greater than 398 days. Subscriber Certificates issued after 1 March 2018, but prior to 1 September 2020, MUST NOT have a Validity Period greater than 825 days. Subscriber Certificates issued after 1 July 2016 but prior to 1 March 2018 MUST NOT have a Validity Period greater than 39 months.

For the purpose of calculations, a day is measured as 86,400 seconds. Any amount of time greater than this, including fractional seconds and/or leap seconds, shall represent an additional day. For this reason, Subscriber Certificates SHOULD NOT be issued for the maximum permissible time by default, in order to account for such adjustments."

- CA-Browser-Forum BR 1.7.9, p67

[1] https://cabforum.org/

[2] https://cabforum.org/baseline-requirements-documents/
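
Added example, not part of the comment above or of any CA/Browser Forum tooling: a checker for the day-based tiers of the quoted section 6.3.2, using its 86,400-second day with any excess counted as a further day. It assumes notBefore stands in for the issuance date and applies the RFC 5280 rule that the validity period runs from notBefore through notAfter inclusive; the function names and sample dates are constructed.

```python
from datetime import date, datetime, timedelta, timezone

DAY = 86_400  # BR 6.3.2: a day is measured as 86,400 seconds


def validity_days(not_before: datetime, not_after: datetime) -> int:
    """Validity Period in BR days; any fraction of a day counts as a full day."""
    # RFC 5280 counts notBefore through notAfter inclusive, so the final
    # second belongs to the period: add 1 to the plain difference.
    seconds = int((not_after - not_before).total_seconds()) + 1
    return -(-seconds // DAY)  # ceiling division


def check(not_before: datetime, not_after: datetime):
    """Return (days, verdict) for the day-based tiers quoted from BR 6.3.2."""
    days = validity_days(not_before, not_after)
    issued = not_before.date()  # assumption: notBefore approximates issuance
    if issued >= date(2020, 9, 1):
        must, should = 398, 397
    elif issued > date(2018, 3, 1):  # literal reading of "after 1 March 2018"
        must, should = 825, None
    else:
        return days, "not-covered"  # the 39-month tier is calendar-based
    if days > must:
        return days, "violation"
    if should is not None and days > should:
        return days, "discouraged"
    return days, "ok"


if __name__ == "__main__":
    nb = datetime(2021, 1, 1, tzinfo=timezone.utc)  # constructed sample
    one_sec = timedelta(seconds=1)
    for label, na in [
        ("notAfter = notBefore + 398d", nb + timedelta(days=398)),
        ("notAfter = notBefore + 398d - 1s", nb + timedelta(days=398) - one_sec),
        ("notAfter = notBefore + 397d - 1s", nb + timedelta(days=397) - one_sec),
    ]:
        print(label, check(nb, na))
```

The first sample shows the off-by-one-second case: setting notAfter to exactly notBefore plus 398 days yields a 399-day Validity Period under the inclusive rule.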