This month, Sectigo, ZoTrus Technology's strategic partner for international SSL certificates, released the seven major digital security products in 2024 in the blog column of its official website, and the author spent the weekend translating and interpreting all seven.
Today's Interpretation **7: The validity period of certificates will be shortened, and all organizations should actively respond to the challenges.
As Sectigo's article says, the 90-day SSL certificate will definitely arrive, but when in 2024 it will arrive is still unknown. Preparing for a rainy day is the only way to cope calmly with future changes, because the reliable and uninterrupted operation of business systems is the lifeblood of an enterprise and cannot be ignored.
How should the industry deal with this challenge? Sectigo does not propose many solutions; it simply mentions its SCM system, which does not solve the problem China faces: popularizing commercial cryptography to achieve HTTPS encryption. As for how China should deal with the shortening of digital certificate validity periods, I recommend that readers read the four blog posts the author wrote previously: "90-day SSL certificate countermeasure 1: government affairs", "90-day SSL certificate countermeasure 2: enterprise", "90-day SSL certificate countermeasure 3: cloud platform" and "90-day SSL certificate countermeasure 4: CA". These four articles provide detailed solutions for different industries.
Here is a summary of the solution ZoTrus Technology proposes for the shortening of SSL certificate validity periods. In short: automation. Only automation can completely solve the problem, and manual application for and deployment of certificates will become impossible. Elsewhere in the world, automation means installing ACME client software on the server, but that cannot solve the problems China faces. China needs to popularize HTTPS encryption based on commercial cryptography, and there are only two solutions: deploying an SM2 HTTPS encryption automation gateway, or enabling an SM2 HTTPS encryption automation cloud service. The gateway or cloud service automatically connects to the ZT cloud SSL system, and the automation is ** Configure a dual-algorithm SSL certificate to automatically implement HTTPS encryption with an adaptive choice of encryption algorithm, meeting users' requirements for both national cryptography compliance and global trust. This is the only viable solution, not one of several.
To prepare for the possibility that SSL certificate validity is shortened to 90 days in 2024, the best thing system owners can do is to budget for the investment at the end of the year. Before this policy is officially implemented next year, there will definitely be a transition period long enough to complete the transformation, so that business systems do not lose reliable and continuous operation because they cannot cope with the 90-day certificate.
The crisis is also an opportunity and a business opportunity: providing the right solution for the upcoming 90-day certificate crisis is a chance for CA institutions and cloud platform vendors to win the market. So, regardless of the size of the organization, it is important to take proactive action to address these challenges and become stronger, ensuring that ** and business systems are not compromised by being unable to implement HTTPS encryption properly, and ensuring secure and sustainable growth in the digital age.
As the year ends and the New Year approaches, ZoTrus Technology is willing to work with all partners and users to meet the challenges of the upcoming 2024, especially the challenge of 90-day SSL certificates, which is the biggest challenge in ensuring the security of Internet services and data circulation.
Translation:
The lifespan of digital certificates will continue to decrease. As leading browser vendors continue to push for shorter lifespans of digital certificates, businesses will face a headache when it comes to updating digital certificates. Businesses must be prepared to re-evaluate the game-changers of security fundamentals that have been in the shadows for a long time.
Businesses are bracing for a seismic shift in 2024 that threatens to undermine the foundations of their digital security protocols. The maximum validity period of various digital certificates is decreasing, and this trend will continue as industry leaders become more convinced that short-term certificates are fundamentally more secure. In the coming year, businesses will be investing heavily in automation solutions so that they can prepare for the upcoming shortening of certificate validity. As the validity period of the digital certificates that support all digital processes and application environments continues to shorten, a significant challenge for organizations will be keeping up with the pace of certificate renewals required.
As an upcoming action, mainstream root certification program vendors will shorten the validity period of TLS/SSL certificates to 90 days. Google Chrome has made clear in its "Moving Forward, Together" initiative that it intends to force a shorter period of validity for certificates. Organizations will face the challenge of upgrading their processes and systems to accommodate these new, short-term credentials. The upcoming shift to shorter certificate validity periods requires a proactive, automated approach that forces organizations to reassess and realign their security foundations in response to the continuously transforming application landscape.
It is a basic fact that the door to shorten the life of certificates has begun to open.
For a long time, SSL digital certificates have been the most secure foundation to enable secure communication and data transmission over the Internet. This type of certificate is issued by the CA to verify the identity of the web server and ensure that the user is connected to a legitimate and secure platform. However, the landscape is changing rapidly, and businesses must face the reality that as short-term certificates become the new normal, the lifespan of all their critical certificates will be significantly shortened.
Traditional manual certificate management hurts an organization's digital status because manual processes are inadequate to handle the management and renewal of short-term certificates. Shorter-lived certificates are more secure because there is a smaller window of risk for certificate errors, key theft, or other issues. They also create more cryptographically agile systems by circulating certificates faster in production.
However, shorter-lived certificates require more frequent renewals, and if these renewals are not made correctly and on time, various business systems, applications, or functions may stop working or stop working properly. This can lead to service interruptions, lost revenue, service agreement violations, and reduced customer satisfaction.
A trendsetting browser.
The driving force behind this upcoming upheaval is a joint effort by leading browser vendors to enhance security. Google Chrome's proposal is to spearhead collaboration within the industry to support tighter controls and faster responses to emerging threats, with other major browsers likely to adopt similar policies. While this move is undoubtedly aimed at strengthening cybersecurity, its ripple effect will lead to organizations revising their enterprise-wide certificate policies.
The need to replace certificates in a timely and seamless manner is critical, as the fundamentals of these security risks will become increasingly challenging once the new policy is in effect. It is no exaggeration to say that a business could suddenly fall because of this; it is a grim reality that requires immediate attention and strategic planning.
In addition to browsers pushing for shorter certificate lifetimes, there are other events that show that shorter certificates have become a widespread trend in cybersecurity. For the first time ever, the S/MIME (Secure/Multipurpose Internet Mail Extensions) certificate baseline, adopted in 2023, requires that the duration of email certificates be limited to two or three years, and future work is expected to limit all S/MIME mail certificates to two years, with no exceptions. Similarly, mainstream Trusted Root Certification programs, which limit the validity of root certificates to 15 years and plan to deprecate previous root certificates with longer validity periods, ultimately hope to reduce the maximum lifetime of root certificates to 7 years.
This reflects the industry's general recognition of the value of shortening the life of a certificate and the positive actions taken to achieve this consensus.
These industry initiatives align with the broader trend of shortening the digital certificate lifecycle to address emerging threats and promote a more secure environment, and the 90-day certificate lifecycle proposal puts this topic in front of every organization's boardroom.
Don't panic and start preparing. There is still uncertainty as to when the 90-day certificate will be implemented. But it will happen; the only question is when. Of course, there is no need to panic, and companies will definitely have enough time to fully prepare for this.
The steps that companies should take are exactly the same as the previous shortening from 2-year certificates to 1-year certificates:
Discovery and visibility: Know where all SSL certificates are located in your network.
Automation: Automate the entire certificate lifecycle with alerting, renewal, and configuration.
Accountability: Define certificate ownership and clarify responsibilities for certificate lifecycle management.
Policies and processes: Use self-service tools to streamline the process of applying for and approving certificates.
The shift in the lifespan of digital certificates requires a proactive approach, requiring organizations to reassess their cybersecurity strategies and strengthen their defenses against looming challenges.
There is no uncertainty in this. Absolutely sure.
In the face of this imminent shift, collaboration between enterprises, CAs, and browser vendors has become critical. Open communication channels are essential to address the challenges posed by the shortened lifespan of digital certificates. Businesses are encouraged to actively engage with their CA agency to stay informed of policy changes, industry best practices, and potential solutions to mitigate the transition.
Businesses that strategically respond to the surge in short-term credentials will be better able to maintain cyber resilience across the organization. A successful strategy includes not only developing a comprehensive certificate renewal plan, but also future-proofing security measures for further changes in the cybersecurity landscape. Proactive measures, such as automating certificate renewals and keeping up with emerging technologies, can help businesses stay ahead of the curve.
At Sectigo, we have a common platform dedicated to managing the lifecycle of digital certificates, giving businesses of all sizes a complete view of their entire certificate operations from a single interface. Integrating with leading technology providers, Sectigo Certificate Manager can discover any public or private certificate in any organization's network, insulating businesses from cyberattacks and service outages.
At the end of the day, you can't manage what you can't see, so with certificate lifespans shortening and post-quantum cryptography emerging, it's never been more important to be cryptographically agile and ready to adopt future-proof solutions.
The digital landscape is constantly evolving, and businesses must adapt to the ever-changing wave of cybersecurity to protect their assets and maintain customer trust. By taking a proactive, collaborative approach, businesses can address these challenges and emerge stronger, ensuring that there is no threat of sudden downfall, but instead opportunities for growth and resilience in the digital age.
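The discovery, automation and accountability steps listed in the translated article can be turned into a simple recurring check. The following is an added example, not code from Sectigo or ZoTrus: it reads a constructed certificate inventory and flags entries that are expired, inside the renewal window, issued for longer than 90 days, or without an owner. The host names, owners and the renew-at-one-third-of-lifetime rule are assumptions.

```python
import ssl
from datetime import datetime, timezone

MAX_LIFETIME_DAYS = 90   # proposed maximum validity discussed above
RENEW_FRACTION = 1 / 3   # assumption: renew once a third of the lifetime remains

# Constructed inventory. "cert" uses the notBefore/notAfter format that
# ssl.SSLSocket.getpeercert() returns; hosts and owners are made up.
INVENTORY = [
    {"host": "shop.example.com", "owner": "web-team", "cert": {
        "notBefore": "Jan  1 00:00:00 2024 GMT", "notAfter": "Mar 31 00:00:00 2024 GMT"}},
    {"host": "api.example.com", "owner": "", "cert": {
        "notBefore": "Feb 20 00:00:00 2024 GMT", "notAfter": "May 20 00:00:00 2024 GMT"}},
    {"host": "legacy.example.com", "owner": "ops", "cert": {
        "notBefore": "Dec  1 00:00:00 2023 GMT", "notAfter": "Dec 30 00:00:00 2024 GMT"}},
    {"host": "old.example.com", "owner": "web-team", "cert": {
        "notBefore": "Nov  1 00:00:00 2023 GMT", "notAfter": "Jan 30 00:00:00 2024 GMT"}},
]

def _parse(cert_time):
    """Convert a certificate timestamp string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)

def assess(entry, now):
    """Return the host, whole days left, and the findings for one inventory entry."""
    start = _parse(entry["cert"]["notBefore"])
    end = _parse(entry["cert"]["notAfter"])
    lifetime, remaining = end - start, end - now
    findings = []
    if remaining.total_seconds() <= 0:
        findings.append("EXPIRED")
    elif remaining <= lifetime * RENEW_FRACTION:
        findings.append("RENEW_NOW")          # inside the renewal window
    if lifetime.days > MAX_LIFETIME_DAYS:
        findings.append("LIFETIME_OVER_90D")  # must move to a shorter cycle
    if not entry.get("owner"):
        findings.append("NO_OWNER")           # accountability gap
    return {"host": entry["host"], "days_left": remaining.days, "findings": findings}

def report(inventory, now):
    """Entries that need attention, most urgent first."""
    flagged = [r for r in (assess(e, now) for e in inventory) if r["findings"]]
    return sorted(flagged, key=lambda r: r["days_left"])

if __name__ == "__main__":
    for row in report(INVENTORY, datetime.now(timezone.utc)):
        print(f'{row["host"]:22} {row["days_left"]:5d}d  {", ".join(row["findings"])}')
```

In practice the inventory would be filled by the discovery step and the findings fed to alerting or to the renewal automation.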