How Long Can Digital Certificates Be Valid (And Why)?

Exact Answer: 397 Days

Digital certificates are a means of establishing that an endpoint is genuine. They act as a stamp of authenticity for a server or a user. When an endpoint or entity holds the private key of a server, the digital certificate binds the public key of that server to the endpoint. In this way, digital certificates verify the authenticity of the endpoint.

A recipient of a digital certificate can verify its authenticity from its contents. The certificate contains the name of the certificate holder, a unique number, the expiry date of the certificate, a copy of the public key of the endpoint, and the digital signature of the Certificate Authority. The Certificate Authority is the body responsible for issuing digital certificates.

How Long Can Digital Certificates Be Valid?

| Changes In The Digital Certificate's Validity Periods | Validity Period Of Digital Certificate |
| --- | --- |
| Certificates issued after September 1, 2020 | 1 year |
| Certificates issued before September 1, 2020 | 2 years |
| Certificates' validity period between 2015 and 2018 | 3 years |
| Certificates' validity period before 2015 | 5 years |

A digital certificate was never meant to last indefinitely. Rather, it is meant to expire after a certain period. In this regard, the certifying authorities are required to decide on the validity period of the digital certificate.

Earlier, the validity period of these digital certificates was 10 years. However, this timeframe was considered too long, as the reliability of the means of validation declines with time. With this in mind, the validity period of the certificates was reduced to 5 years, which continued till 2015.

In 2015, the validity period for the digital certificates was further reduced to 3 years. This rule remained operational till 2018. In 2018, this period underwent a further decrease.

The validity period for digital certificates issued by a Certificate Authority was set at 825 days, that is, 2 years, 3 months, and 5 days.

From the 1st of September 2020, the validity period went through its most recent change. It was set at 397 days, or 13 months. However, any digital certificate issued before that date with a two-year expiry is still accepted.
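The check below is an added example, not code from the original article: it reads the notBefore/notAfter lines that `openssl x509 -noout -dates` prints and compares the certificate's lifetime with the limit that applies to its issue date. The sample inputs are constructed, the function names are hypothetical, and only the two limits the article dates precisely (397 and 825 days) are modelled.

```python
import ssl
from datetime import datetime, timedelta, timezone

# Limits as stated in the article: 397 days for certificates issued from
# September 1, 2020, and 825 days for certificates issued before that date.
CUTOFF = datetime(2020, 9, 1, tzinfo=timezone.utc)
LIMIT_FROM_CUTOFF = timedelta(days=397)
LIMIT_BEFORE_CUTOFF = timedelta(days=825)

# Constructed sample input in the format of `openssl x509 -noout -dates`.
SAMPLES = {
    "within-limit": "notBefore=Sep 15 00:00:00 2020 GMT\nnotAfter=Oct 17 00:00:00 2021 GMT",
    "too-long": "notBefore=Oct  1 00:00:00 2020 GMT\nnotAfter=Oct  1 00:00:00 2022 GMT",
    "older-two-year": "notBefore=Aug  1 00:00:00 2020 GMT\nnotAfter=Aug  1 00:00:00 2022 GMT",
}

def parse_dates(text):
    """Return (notBefore, notAfter) as UTC datetimes."""
    found = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition("=")
        if sep and key in ("notBefore", "notAfter"):
            seconds = ssl.cert_time_to_seconds(value)  # ValueError on a bad date
            found[key] = datetime.fromtimestamp(seconds, tz=timezone.utc)
    if len(found) != 2:
        raise ValueError("need both notBefore and notAfter lines")
    return found["notBefore"], found["notAfter"]

def check_validity(text, now=None):
    """Compare a certificate's lifetime with the limit for its issue date."""
    not_before, not_after = parse_dates(text)
    if not_after <= not_before:
        raise ValueError("notAfter must be later than notBefore")
    limit = LIMIT_FROM_CUTOFF if not_before >= CUTOFF else LIMIT_BEFORE_CUTOFF
    lifetime = not_after - not_before
    now = now or datetime.now(timezone.utc)
    return {
        "lifetime_days": lifetime.days,
        "limit_days": limit.days,
        "over_limit": lifetime > limit,      # longer than the applicable limit
        "expired": now > not_after,
        "days_left": (not_after - now).days,  # negative once expired
    }

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        print(name, check_validity(text))
```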

Why Can Digital Certificates Be Valid For That Long?

Soon after the advent of the internet, a need was felt to establish the authenticity of digital certificates. This would be done by establishing a link between the server and the endpoint possessing the private key of that server. Such a link would make sure that the user is using the correct and secure server.

Decreasing the validity period of digital certificates has several benefits, among them reduced chances of hacking, a shorter update period, and an increase in the trustworthiness of those digital certificates.

If the validity period is reduced, the risk of hacking is reduced as well. If the private key stays the same for a long period, any employee who comes into contact with it may expose it to the outside world. This poses a great danger to the reliability of the server. Thus, a shorter validity period is advantageous.

Moreover, updates take longer to reach all certificates when the validity period is longer. Retiring SHA-1 took nearly three years, because old digital certificates take a great deal of time to be replaced naturally.

In addition, the data used to verify the authenticity of an endpoint loses its reliability over time. Thus, the shorter the validity period of the digital certificates, the lower the risk of false information.

Conclusion

Digital Certificates are currently valid for 13 months, or 397 days, to be precise. This validity period stood at 825 days before the first of September, 2020. Previously, this period has also been set at three years, five years, and five years.

The reduction in the validity period of the digital certificates resulted in several benefits. It helps to ascertain the reliability of the endpoint and maintains it.
