A leading Certificate Authority alerts industries to multiple upcoming cybersecurity developments in a market relied upon by millions of organizations worldwide
BOSTON, MA and LONDON, UK / ACCESSWIRE / June 20, 2023 / Later this year, and into 2024, there will be significant changes within the Public Key Infrastructure (PKI) marketplace, and organizations of all types should be aware of them, according to GMO GlobalSign, Inc., a global Certificate Authority (CA) and leading provider of identity security, digital signing and IoT solutions. These changes involve several critical areas: Google's move to reduce the lifespan of SSL/TLS certificates, new CA/Browser Forum Baseline Requirements for email security, and mandatory Root changes issued by Mozilla. The upcoming changes will have a significant impact on industries that use PKI, which is relied on by millions of businesses worldwide. These shifts will require companies to adapt their PKI to ensure continued security compliance.
Transition to 90-Day SSL/TLS Certificates
Organizations relying on PKI need to be informed of Google's announcement on March 3, proposing a mandatory maximum validity limit of 90 days on SSL/TLS certificates. The current lifecycle of SSL/TLS certificates is 398 days. Companies are strongly advised to evaluate their certificate lifecycle processes now and be prepared for these changes to remain secure. These developments may force businesses to restructure their IT infrastructure and put new technologies in place, specifically automation, to ensure continued certificate lifecycle management.
"Website admins will need to move towards automation if/when the Google proposed 90-day maximum certificate validity and domain re-use goes into effect. It's going to become increasingly difficult to replace certificates using manually generated CSRs and subsequent certificate installations as the validity period and domain revalidation periods shorten," said Doug Beattie, Vice President, Product Management, GlobalSign. "Technologies such as GlobalSign's ACME offering help automate certificate lifecycle functions and reassures certificates are being automatically replaced using fully automated processes before they expire. This keeps companies secure and prevents their websites from using expired certificates which results in loss of business."
S/MIME Baseline Requirements Changes
In January, the CA/B Forum, a consortium of browser makers, certificate authorities, and other organizations in the digital certificate ecosystem, agreed on a new set of standards called the "Baseline Requirements for the Issuance and Management of Publicly-Trusted S/MIME Certificates" to provide the detailed industry requirements for S/MIME certificates. The new standards result in a change that will be effective on September 1. This will mean standardized certificate profiles which will require additional organizational or individual validation and, in some cases, CAs will need to replace their current S/MIME CAs with new, compliant ones. Having an industry standard for S/MIME certificates improves interoperability and security and parallels what's been done for TLS and Code Signing certificates.