Solved

Why Root CA Cert does not have expiration date?

Posted on 2016-09-18
2
63 Views
Last Modified: 2016-09-18
Hi As we know the below is a chain. The last two elements have expiration date. and need to update. But I have not heard the first one Root CA Cert need to update. Why is that? Thank you

Root CA Cert > Intermediate CA Cert (bundle of Sub CA) > Server SSL cert
0
Comment
Question by:eemoon
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 14

Accepted Solution

by:
Schnell Solutions earned 500 total points
ID: 41803781
If they are certificates using the standard X.509 the CA normally will have its expiration date. And its expiration date is important, because no certificate under its chain can have an expiration date after the date of the Root CA Cert.

Usually Root CAs are never heard of been updated because of the following reasons:
- Their expiration date is usually set for lasting a long line. For example: 40 years.
- They are not renewed by the final user, they are renewed in the PKI itself. An administrator just works with it if it is an internal CA and its certificate needs to be renewed.
- OSs add new CAs to their repositories with OS updates, and usually the issuer companies add these updates (Other CAs) before the old ones expire.
- If a final digital certificate is renewed, then this process can be done with a different root CA, considering that the previously old CA is about to expire.
0
 

Author Comment

by:eemoon
ID: 41803804
Excellent explanation! Thank you
0

Featured Post

What, When and Where - Security Threats from Q1

Join Corey Nachreiner, CTO, and Marc Laliberte, Information Security Threat Analyst, on July 26th as they explore their key findings from the first quarter of 2017.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Microservice architecture adoption brings many advantages, but can add intricacy. Selecting the right orchestration tool is most important for business specific needs.
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question