Comment by Y-bar
10 days ago
How will this impact self-signed local certificates? Can we still use a five-year lifespan on those or do we need to reduce it to <398 days?
10 days ago
How will this impact self-signed local certificates? Can we still use a five-year lifespan on those or do we need to reduce it to <398 days?
Your local certificates are not bound by the Baseline Requirements at all; they're irrelevant to you. You can do whatever you want if your CA is not in a root program.
The article doesn't even mention cert lifetimes.
But the answer is no, self-signed certs dont have to folllw c/ab.
The links in the article mentions the hard limit on certificate lifetime.