Shortening TLS Lifetimes: 45-day SSL
Author: Alex Lee (@alexjoelee)
The 90-day SSL Certificate
90-day SSL certificates, which were also known as short-term validity SSL certificates before "45-day SSL", have several advantages that we covered in a previous blog post, Pros and Cons of the 90-day SSL Certificate.
The 45-day SSL Certificate
In a heated discussion, engineers at top companies are debating whether shortening this lifetime by half is a good idea.
The benefits are the same as before: enhanced security, faster issuance, and required regular renewal. With these benefits comes significant cost in the form of administrative overhead, the likelihood of mistakes or expired certificates, and the cost of renewing frequently.
Automating Certificates When You Can't
Those who are still renewing TLS certificates manually would certainly agree they're seeing diminishing (or no) returns on this increased investment of labor and time. If you haven't automated SSL certificate issuance by now, you will certainly be looking at it where it's an option. Where it isn't, you still have a couple of viable options for automating SSL/TLS for legacy applications:
- Implement a reverse proxy that supports ACME challenges, such as the Caddy web server.
- Implement a CDN or other edge platform to serve your requests (just like a big reverse proxy).
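For hosts that are still renewed by hand, or that now sit behind a proxy you want to verify, an expiry audit shows how much less slack a 45-day lifetime leaves. The following is an added example, not code from the original post: the host names, dates and the "renew once two thirds of the lifetime has elapsed" policy are assumptions, and the certificate fields use the dict shape returned by Python's `ssl.SSLSocket.getpeercert()`.

```python
import ssl

DAY = 86400
# Assumption: renew once two thirds of the validity period has elapsed.
# Adjust the ratio to match your own renewal policy.
RENEW_NUM, RENEW_DEN = 2, 3


def cert_status(cert, now):
    """Classify a certificate given in ssl getpeercert() dict form.

    `now` is epoch seconds. Returns (status, whole days until expiry).
    """
    not_before = ssl.cert_time_to_seconds(cert["notBefore"])
    not_after = ssl.cert_time_to_seconds(cert["notAfter"])
    days_left = (not_after - now) // DAY
    if now < not_before:
        return "not-yet-valid", days_left
    if now >= not_after:
        return "expired", days_left
    lifetime = not_after - not_before
    elapsed = now - not_before
    # Integer comparison avoids float rounding at the renewal boundary.
    if elapsed * RENEW_DEN >= lifetime * RENEW_NUM:
        return "renew-now", days_left
    return "ok", days_left


def audit(inventory, now):
    """Return {hostname: (status, days_left)} for every inventory entry."""
    return {host: cert_status(cert, now) for host, cert in inventory.items()}


# Constructed sample inventory (hypothetical hosts, not real certificates).
# The first two were issued on the same day with 90- and 45-day lifetimes.
INVENTORY = {
    "legacy-90.example": {"notBefore": "Jan 10 00:00:00 2025 GMT",
                          "notAfter": "Apr 10 00:00:00 2025 GMT"},
    "legacy-45.example": {"notBefore": "Jan 10 00:00:00 2025 GMT",
                          "notAfter": "Feb 24 00:00:00 2025 GMT"},
    "forgotten.example": {"notBefore": "Dec 20 00:00:00 2024 GMT",
                          "notAfter": "Feb 03 00:00:00 2025 GMT"},
}
NOW = ssl.cert_time_to_seconds("Feb 12 00:00:00 2025 GMT")  # constructed "today"

if __name__ == "__main__":
    for host, (status, days) in audit(INVENTORY, NOW).items():
        print(f"{host:20} {status:14} {days:4d} days to expiry")
```

Thirty-three days after issuance the 90-day certificate is still comfortably inside its lifetime, while the 45-day certificate issued the same day is already due for renewal with 12 days left.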
The web was not designed with security in mind and we've all been playing catch-up ever since.