[cabfpub] SHA-1 changes and certificate lifetimes

Geoff Keating geoffk at apple.com
Sat Nov 16 00:51:37 UTC 2013

On 13 Nov 2013, at 12:14 pm, Geoff Keating <geoffk at apple.com> wrote:

> (I'll check and see if I can find a single SHA-2 cert with an expiry past 2018) 

Following up on this, the latest expiry for a SHA-2 cert I can find is 2018-12-5.  That cert is a non-BR-compliant certificate issued by CyberTrust under the Common Policy CA, for firstid.idm.cybertrust.com (I actually found 4 certs with slightly different spellings of the domain name).

However, this is one of only 3 cases (6 certs) I could find where a SHA-2 cert was issued before 2013-1-1 and expires after 2017-1-1.  Thus I believe we will be able to assume on 2017-1-1 that all SHA-2 certificates have been issued under some version of the baseline requirements.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4103 bytes
Desc: not available
URL: <http://lists.cabforum.org/pipermail/public/attachments/20131115/6e00ed40/attachment-0001.p7s>

More information about the Public mailing list