From: "Andy Willis"
Date: Fri, 15 May 2026 08:47:23 -0500
Subject: Re: [eCS-ISP] SSL cert lifetime
To: eCS ISP Mailing List

I saw the same from DigiCert. I raised the suggestion of changing to Let's Encrypt. Only 30 days but free so why pay a high premium for 17 additional days.

On Thu, May 14, 2026, 10:40 Lewis G Rosenthal wrote:

> Thought I'd share this bit of news from Starfield Tech regarding cert
> lifetimes. I am assuming this will pertain to all CAs over the next few
> years.
>
> 8<-------------------- snip -------------------->8
>
> The entire SSL Industry is undergoing a requirement to shorten SSL/TLS
> validity duration from 398 days to 47 days. The first phase has started and
> validity is now 200 days. This will again change to 100 days by March 2027
> and finally to 47 days by March 2029.
>
> What does this mean for you? Instead of re-installing your certificate 1x
> per year, that frequency will begin to increase. Starting later this year in
> approximately 180-200 days you'll need to repeat this action - and then
> again more frequently in 2027 through 2029.
>
> 8<-------------------- snip -------------------->8
>
> Oh, joy.
>
> Further details are given in this "handy" article on their site:
>
> https://www.secureserver.net/help/why-are-ssl-certificate-validity-periods-changing-42816
>
> The whole argument about shorter cert lives being more secure is a tough one
> for me, given the availability of OCSP stapling and other
> validation/revocation methods. Oh, well.
>
> --
> Lewis
> -------------------------------------------------------------
> Lewis G Rosenthal, CNA, CLP, CLE, CWTS, EA
> Rosenthal & Rosenthal, LLC www.2rosenthals.com
> visit my IT blog www.2rosenthals.net/wordpress
> -------------------------------------------------------------