Ensure that SSL certificates managed with Google Cloud Certificate Manager don't have a validity period greater than 398 days (13 months). The maximum validity period for SSL certificates being set at 398 days is to enhance security by reducing the risk of certificate compromise and misuse, while aligning with industry standards and gaining support from modern web browsers.
This rule resolution is part of the Conformity Security & Compliance tool for GCP.
excellence
A longer duration for SSL certificates leads to prolonged validation expiration, thereby increasing the risk of security vulnerabilities. Utilizing short validity periods provides an effective solution for this issue, as algorithm changes can be automatically incorporated during the renewal process, minimizing the waiting time for adoption.
Audit
To determine if your SSL/TLS certificates are renewed within the validity period of 398 days, perform the following operations:
Remediation / Resolution
Starting with September of 2020, new SSL certificates can't be issued for longer than 397 days. Therefore, to ensure that your SSL certificate validity period is compliant with industry best practices and the certificate is renewed within 398 days, you must re-create (reissue) your SSL certificate managed with Google Cloud Certificate Manager by performing the following operations:
Provisioning SSL certificates via Certificate Manager console is not currently supported.References
- Google Cloud Platform (GCP) Documentation
- Manage certificates
- How Certificate Manager works
- GCP Command Line Interface (CLI) Documentation
- gcloud projects list
- gcloud certificate-manager certificates list
- gcloud certificate-manager certificates describe
- gcloud certificate-manager certificates create
Unlock the Remediation Steps
Free 30-day Trial
Automatically audit your configurations with Conformity
and gain access to our cloud security platform.
You are auditing:
SSL certificates validity period
Risk Level: Medium