this post was submitted on 17 Apr 2025
200 points (98.1% liked)

Technology

69298 readers
3938 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots

founded 2 years ago
MODERATORS
L3s@lemmy.world
enu@lemmy.world
technopagan@lemmy.world
L4s@lemmy.world
L3s@hackingne.ws
L4s@hackingne.ws
200
TLS Certificate Lifetimes Will Officially Reduce to 47 Days (www.digicert.com)
submitted 1 week ago by exu@feditown.com to c/technology@lemmy.world
62 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] mctoasterson@reddthat.com 83 points 1 week ago (17 children)

The most-aggressively short timelines don't apply until 2029. Regardless, now is the time to get serious about automation. That is going to require vendors of a lot of off-the-shelf products to come up with better (or any) automation integrations for existing cert management systems or whatever the new standard becomes.

The current workflow many big orgs use is something like:

  1. Poor bastard application engineer/support guy is forced to keep a spreadsheet for all the machines and URLs he "owns" and set 30-day reminders when they will expire,

  2. manually generate CSRs,

  3. reach out to some internal or 3rd party group who may ignore his request or fuck it up twice before giving him correct signed certs,

  4. schedule and get approval for one or more "possible brief outage" maintenance windows because the software requires manually rebinding the new certs in some archaic way involving handjamming each cert into a web interface on a separate Windows box.

As the validity period shrinks and the number of environments the average production application uses grows, the concept of doing these processes manually becomes a total clusterfuck.

[–] exu@feditown.com 22 points 1 week ago (1 children)

Looking forward to companies hiring "Cert Engineers" who just renew certs all day.

Joking aside, it really is time to deploy automation for those that haven't already

[–] HarkMahlberg@kbin.earth 8 points 1 week ago (1 children)

That was a joke? Nice try Nostradamus, I know you can see the future.

[–] Archer@lemmy.world 2 points 1 week ago (1 children)

They’ll add AI to it somehow

[–] HarkMahlberg@kbin.earth 2 points 1 week ago

Which will get it wrong and leave expired/unsigned certs everywhere XD

load more comments (15 replies)