| April 15, 2027<\/td> | 45 days<\/td><\/tr><\/tbody><\/table><\/figure>\n\nThe issue of quantum computers<\/h3>\n\nSo why are two global players pushing so strongly for shorter SSL certificate validity periods? The answer is multifaceted, but it is worth looking into the crystal ball\u2014toward a \u201cpost-quantum\u201d world. For the IT landscape in general, the development of quantum computers holds great potential, as they could overcome some computing-time-related hurdles for well-known problems in mathematics and physics. At the same time, however, this also poses certain risks for cryptography, for example, because the algorithms used there are mostly based on the assumption that the associated mathematical problem is extremely difficult for an external attacker to solve. <\/p>\n\n In the future, quantum computers could be able to solve problems such as prime factorization or the discrete logarithm problem\u2014on which many cryptographic algorithms are based\u2014much faster than classical computers. In particular, Shor\u2019s algorithm, which runs exclusively on quantum computers, could, as the capacity of these machines increases, jeopardize modern asymmetric encryption methods such as RSA and Elliptic Curve Cryptography (ECC). <\/p>\n\n While classical computers require many sequential computation steps, quantum computers could solve these tasks far more efficiently thanks to their ability to process many states simultaneously. This would enable attackers to break commonly used encryption methods and decrypt sensitive data. <\/p>\n\n What improvements are Google and Apple hoping for?<\/h3>\n\nImplementing the policy adjustments originally proposed by Google\u2019s Chromium project would significantly increase the agility of the ecosystem surrounding public SSL certificates. This is due in particular to comprehensive automation of ordering and renewal processes, as well as reliable update strategies for root certificate lists in operating systems and applications. As a result, certificate rotation would increasingly become routine instead of a critical, long-term planned change\u2014regardless of whether it concerns a root certificate, a CA intermediate certificate, or a simple TLS endpoint certificate. <\/p>\n\n Another reason to push these adjustments forward is the aforementioned ongoing development of quantum computers. While these do not yet pose a significant threat to common key lengths, an increasing number of qubits and falling error rates could make it possible to crack algorithms such as RSA and ECDSA with 2048 and 256 bits, respectively, using Shor\u2019s algorithm. <\/p>\n\n Automated certificate management is becoming a stronger focus<\/h3>\n\nFor operators of IT systems, the most obvious impact is how they will manage digital certificates with shorter validity periods. Google itself notes this in its rationale for reducing the validity period: companies that provide a TLS endpoint cannot avoid automating digital certificate lifecycles on a large scale. <\/p>\n\n If the validity period is shortened to 90 days, companies would have to have the relevant certificates reissued and installed four times as often per year. Even if annual certificate costs remain the same\u2014by adjusting the cost of a single certificate, subscription models, or other adaptations\u2014the resulting management and administrative effort quadruples, along with the associated staffing costs. It goes without saying what Apple\u2019s proposal to halve the lifetime again to 45 days would mean. <\/p>\n\n Alongside technical provisioning, fully automated renewal therefore also increases the need for a well-coordinated management process. Previously, each manual renewal at least implicitly confirmed that the certificate was still needed. In an automated process, potentially obsolete systems may only become noticeable in the aggregate through a high final bill. <\/p>\n\n CAs such as DigiCert and Sectigo are addressing this challenge with web-based portals that provide better oversight and are intended to simplify certificate management itself. However, a core aspect of these solutions is merely the delegation of responsibilities. Whether a certificate is still needed and what role it plays in the context of the company\u2019s digital presence must still be known by the responsible internal entity or verified manually. <\/p>\n\n LEMARIT is actively working on integrating these management solutions into the world of LEMARIT.app in order to present the relevance and use of a certificate clearly in a domain context. Automated certificate management includes, among other things, seamless linking between DNS records and the corresponding certificates in the form of direct links, validity checks when DNS changes occur, and notices about certificates that are no longer in use. <\/p>\n\n <\/div><\/div> \n Ready for the shortened validity period?<\/h3>\n\n\n\nRegardless of the requirements or use cases that define your online presence: from the SSL\/TLS entry-level version to implementing the highest certificate standards, LEMARIT offers the full range of solutions\u2014and prepares your company for the announced reduction in validity periods.<\/p>\n\n\n\n |