Solved

Why Root CA Cert does not have expiration date?

Posted on 2016-09-18
2
41 Views
Last Modified: 2016-09-18
Hi As we know the below is a chain. The last two elements have expiration date. and need to update. But I have not heard the first one Root CA Cert need to update. Why is that? Thank you

Root CA Cert > Intermediate CA Cert (bundle of Sub CA) > Server SSL cert
0
Comment
Question by:eemoon
2 Comments
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 500 total points
ID: 41803781
If they are certificates using the standard X.509 the CA normally will have its expiration date. And its expiration date is important, because no certificate under its chain can have an expiration date after the date of the Root CA Cert.

Usually Root CAs are never heard of been updated because of the following reasons:
- Their expiration date is usually set for lasting a long line. For example: 40 years.
- They are not renewed by the final user, they are renewed in the PKI itself. An administrator just works with it if it is an internal CA and its certificate needs to be renewed.
- OSs add new CAs to their repositories with OS updates, and usually the issuer companies add these updates (Other CAs) before the old ones expire.
- If a final digital certificate is renewed, then this process can be done with a different root CA, considering that the previously old CA is about to expire.
0
 

Author Comment

by:eemoon
ID: 41803804
Excellent explanation! Thank you
0

Featured Post

Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You cannot be 100% sure that you can protect your organization against crypto ransomware but you can lower down the risk and impact of the infection.
Healthcare providers, insurance companies and other covered entities trust eFax Corporate to transmit their most sensitive documents. eFax Corporate can help your organization implement a HIPAA compliant cloud faxing solution.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

803 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question