Solved

Why Root CA Cert does not have expiration date?

Posted on 2016-09-18
2
36 Views
Last Modified: 2016-09-18
Hi As we know the below is a chain. The last two elements have expiration date. and need to update. But I have not heard the first one Root CA Cert need to update. Why is that? Thank you

Root CA Cert > Intermediate CA Cert (bundle of Sub CA) > Server SSL cert
0
Comment
Question by:eemoon
2 Comments
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 500 total points
ID: 41803781
If they are certificates using the standard X.509 the CA normally will have its expiration date. And its expiration date is important, because no certificate under its chain can have an expiration date after the date of the Root CA Cert.

Usually Root CAs are never heard of been updated because of the following reasons:
- Their expiration date is usually set for lasting a long line. For example: 40 years.
- They are not renewed by the final user, they are renewed in the PKI itself. An administrator just works with it if it is an internal CA and its certificate needs to be renewed.
- OSs add new CAs to their repositories with OS updates, and usually the issuer companies add these updates (Other CAs) before the old ones expire.
- If a final digital certificate is renewed, then this process can be done with a different root CA, considering that the previously old CA is about to expire.
0
 

Author Comment

by:eemoon
ID: 41803804
Excellent explanation! Thank you
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Godaddy Root Certificate 2 79
ADFS SSL Clarification 4 55
How to stress test an ASP.NET https website 3 62
SSL certificate pack 6 155
Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
This paper addresses the security of Sennheiser DECT Contact Center and Office (CC&O) headsets. It describes the DECT security chain comprised of “Pairing”, “Per Call Authentication” and “Encryption”, which are all part of the standard DECT protocol.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

911 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now