IAM in Service Catalog
In 2018, the CA-Browser Forum came to an agreement to reduce maximum lifetime of certificates from three years to two years. At that time, the major browsers were pushing hard for 1-year certificates and the major CAs wanted to maintain 3-year certificates. The new 2-year standard was a compromise.
Now it's 2020 and Apple has taken unilateral action and announced that Safari will no longer trust 2-year certificates as of 9/1/2020. Google, Mozilla, and Microsoft soon jumped on board. In response, the public CAs will all stop issuing 2-year certificates. The intent of the policy change is to improve security by limiting the length of time a fraudulent certificate can be used, especially given poor implementations of certificate revocation.
This page documents the timeline and impacts of this industry-wide change on UW Certificate Services customers.
The UW CA is not part of the trusted root program for any browsers and is not subject to this new requirement. There will be no impacts to UW CA customers.
The InCommon CA relies on the Sectigo root CA, which is part of the trusted roots program for all major browsers. This means InCommon certificates will be impacted by this industry-wide change.
The change to certificate lifetime policy takes effect on August 19, 2020.
Please send any questions to firstname.lastname@example.org with "InCommon certificates" in the subject line.