The 47-Day Certificate Ultimatum: How Browsers Broke the CA Cartel
15 hours ago
- #SSL Certificates
- #WebPKI
- #Cybersecurity
- Certificate Authorities (CAs) had a monopoly on issuing SSL certificates, charging high fees for long-term certificates.
- Practical collision attacks broke the SHA-1 hash algorithm, showing that long-lived certificates keep deprecated cryptography in circulation for years after it is known to be weak.
- Browsers and CAs clashed over reducing certificate lifetimes, with CAs resisting due to revenue concerns.
- Apple unilaterally enforced a 398-day certificate limit, forcing CAs to adapt.
- Research showed stale certificates posed security risks, leading to proposals for even shorter lifetimes (47 days).
- Let’s Encrypt proved short-lived, automated certificates work at scale, disrupting the CA business model.
- CAs shifted focus to selling certificate management tools as certificates themselves became commoditized.
- CertKit is introduced as a solution for automated certificate management in the 47-day future.