joeware - never stop exploring... :)

Information about joeware mixed with wild and crazy opinions...

PKI Cert expiration times

by @ 7:45 pm on 4/1/2010. Filed under tech

I just had to perform the yearly renew my Cert on my Smart Card for my MVP Source Code Access to the Windows OS. I also have a Smart Card Cert for work I have to renew yearly for authentication as well.

Something that annoys me is that everyone likes to use a one year period for Certs. I.E. You have to renew them once a year. Now this makes sense in the nice clean, we have Certs that last one year viewpoint. Security likes it, as I said, it is nice and clean and fits one of our major time marks… It is also a default in at least the Microsoft Certificate Authority systems.

What annoys me about it is that you need to renew PRIOR to its expiration. In general, you want to do this a bit in advance so you don’t have an issue that could cause you some sort of outage while it gets sorted out. No one wants a smart card that isn’t working as it is usually a pain to sort it out, possibly having to mail it somewhere, possibly having to drive somewhere. Being treated like an outcast the whole while…

So what do you do? You get your notification that you are going to expire maybe 45-60 days out from the actual expiration. At the one month mark you get another message and likely you think, well I better take care of this before I can’t or before I forget and so you do.

So now the problem or at least my annoyance… Say your initial Cert is issued end of August. So the next year you get your warnings in July time frame and you likely renew at the beginning of August. The next year you get your warnings in June and you likely renew at the beginning of July, etc etc etc…

Seems like using say 13 or 14 months for the expiration period would be nice, then you know, every year in the month of XXX you have to renew your Cert. Not get earlier and earlier every year.

Just saying…

Rating 3.50 out of 5

Comments are closed.

[joeware – never stop exploring… :) is proudly powered by WordPress.]