September 3, 2020

TLS Certificates Cut to One Year From This Month: What You Need to Know

"It's about making sure that, if a certificate gets into someone else's hands, it's not in someone else's hands for five years"

By Claudia Glover

As of the first of September, companies cannot buy a TLS certificate that lasts for longer than 398 days, in a move designed to protect users from compromised certificates.

The certificates were initially designed to last for five years, which was subsequently reduced to two. The latest change was announced by Apple in March.

“Keys valid for longer than one year have greater exposure to compromise,” explained a spokesperson for Mozilla in a blog post.

“A compromised key could enable an attacker to intercept secure communications or impersonate a website till the TLS certificate expires.”

You’ve Got the Whole Certificate in Your Hands

“It’s not so much to say the security is broken,” Alyn Hockey, VP of product management at security company Clearswift, explained to Computer Business Review.

“It’s just there are some applications that won’t communicate with servers if the certificate no longer validates”.


Hockey went on to outline why the shift to year-long licences has taken place:


“It’s about making sure that, if a certificate gets into someone else’s hands, it’s not in someone else’s hands for five years.

“Just being able to work with others rather than having old things lying around, which may or may not get reused or repurposed and could potentially lead to a vulnerability or an exploitation.”

What Your Business Needs to Know

Failing to renew a TLS certificate can result in a man-in-the-middle attack, possibly leading to sensitive information being exposed to a malicious third party.

To ensure that your business doesn’t suffer any fallout from a TLS failure, make sure that all certificates are up to date, particularly if you have just bought a new company with new domain names. A shorter licensing time should help to combat this.
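One way to run that check across an inventory of certificates, as an added example that is not part of the original article: it flags certificates that have expired, are close to expiry, or were issued on or after 1 September 2020 with a lifetime above 398 days. The hostnames, dates, the 30-day renewal window and the audit date are constructed assumptions; the input uses the dictionary format returned by Python's `ssl` module.

```python
import socket
import ssl
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=398)                          # limit stated in the article
POLICY_START = datetime(2020, 9, 1, tzinfo=timezone.utc)    # applies to certs issued from here
RENEW_WINDOW = timedelta(days=30)                           # assumption: warn 30 days ahead


def parse_cert_time(cert_time):
    """Parse a getpeercert() time string such as 'Sep  1 00:00:00 2020 GMT'."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)


def audit(cert, now):
    """Return a list of findings for one certificate dict (getpeercert() format)."""
    not_before = parse_cert_time(cert["notBefore"])
    not_after = parse_cert_time(cert["notAfter"])
    findings = []
    if now >= not_after:
        findings.append("expired")
    elif not_after - now <= RENEW_WINDOW:
        findings.append("renew-soon")
    # Certificates issued before the cut-off keep their longer lifetime.
    if not_before >= POLICY_START and not_after - not_before > MAX_LIFETIME:
        findings.append("lifetime-over-398-days")
    return findings


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch a live certificate; an expired one raises SSLCertVerificationError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed inventory: hostnames and dates are made up for illustration.
SAMPLE_INVENTORY = {
    "www.example.test": {"notBefore": "Sep  2 00:00:00 2020 GMT", "notAfter": "Oct  4 00:00:00 2021 GMT"},
    "shop.example.test": {"notBefore": "Aug 15 00:00:00 2020 GMT", "notAfter": "Aug 15 00:00:00 2022 GMT"},
    "acquired.example.test": {"notBefore": "Sep 10 00:00:00 2020 GMT", "notAfter": "Dec 10 00:00:00 2022 GMT"},
    "legacy.example.test": {"notBefore": "Jun  1 00:00:00 2019 GMT", "notAfter": "Oct 20 2020 GMT".replace("20 2020", "20 00:00:00 2020")},
}

if __name__ == "__main__":
    audit_date = datetime(2020, 10, 1, tzinfo=timezone.utc)   # constructed audit date
    for host, cert in SAMPLE_INVENTORY.items():
        print(f"{host:24} {', '.join(audit(cert, audit_date)) or 'ok'}")
```

For live hosts, pass the result of `fetch_cert(host)` to `audit()`; a verification error raised by `fetch_cert` is itself a finding worth recording.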

Recent high-profile cases of expired or compromised TLS certificates causing havoc include LinkedIn’s outage in May 2019, where users were warned that logins may not be secure after the company let an SSL certificate expire.


Earlier, in 2018, tens of millions of mobile customers using O2 and Softbank were prevented from using telco services due to what eventually turned out to be a certificate outage.
