The CA/Browser Forum has officially voted to amend the TLS Baseline Requirements to set a schedule for shortening the lifetime of TLS certificates.
There is plenty of data on compromised certs. I mean, if you steal a cert, you essentially steal the identity of that server.
I’m just saying, before that you had admins connecting from time to time to the server while deploying, but after that change it could be years before someone connects. Cert deployment IMO is often one of the last maintenance tasks that is not automated, and one of the hardest to automate both safely and reliably.
But for a business that handles it that way, it’s just straight up an upgrade in security to have shorter certs.