Ryan
Apple is not the only large company changing guidelines for the appropriate validity period for the use of signed certificates. Google is suggesting 90 days for the same in an earlier time frame (see https://www.globalsign.com/en/blog/google-90-day-certificate-validity-requires-automation). This is definitely a continuing trend. If you have any specific methods or procedures that you would like to see implemented (perhaps some automated service to periodically update the signed certificates from some specific vendor), please open an enhancement request within the ideation site in this community. Product Management is certainly aware of the trends related to security, but if you have a specific method for implementation of those trends, you should specifically ask to ensure your preferred method is being looked at.
Joe
Original Message:
Sent: Apr 29, 2025 02:44 PM
From: Ryan Rutzen
Subject: Automatic Certificate Lifecycle Management
Hi Broadcom Team,
Not sure if you are aware, but Apple/CAB Forum have recently proposed changes to the validity period of TLS certificates. In the proposal, the validity period will be gradually reduced to 45 days by 2029. Given this proposed limit, could you let me know if Broadcom is investigating options for changes/improvements to the certificate management on PAM, as it is currently a very manual task?
More information can be found here: https://www.digicert.com/blog/new-certificate-lifetime-proposed-by-apple
Thank you.
Ryan Rutzen