Reduction of the runtime of server certificates

Configuration adjustments of the DFN-PKI from the end of August


As already reported in June, Apple is shortening the term of the new server certificates issued from the beginning of September from 27 months to approximately 13 months (398 days).

In the meantime, this requirement has also been included in the Baseline Requirements of the CA/Browser Forum. The DFN-PKI has implemented the shortened validity period with version 7 of the certification policy.

The DFN-PKI will make configuration adjustments on August 27, 2020, so that all newly issued server certificates will then automatically have a validity period of 397 days. The 397 days are a SHOULD rule of the CA/Browser Forum. The participants of the DFN-PKI do not have to observe anything else.

Existing, still valid certificates with a longer validity period can be used normally and expire at their intended time.

The change is effective for all certificates issued for data processing systems. User certificates are not affected. (Source: DFN-PKI)