
Comment by tempest_

1 day ago

The main answer is a lot of the software on that page predates SSL's deprecation and people (sysadmins especially, because they wrote some bash script 20 years ago and want it to keep working) like backwards compatibility.

I think the bigger answer is certificate vendors won't stop using the term.

  • Maybe, but who is actually still buying TLS certs from a vendor?

    • We do or will until Certificate lifespan changes. We have customers cert pinning our API cert at work (shitty Enterprise security practices) so constant 60-day rotation with LE or ZeroSSL caused endless support heartache because these enterprise customers demanded we tell them when and what the new fingerprint was.

      So, 1-year certs and renew 60 days out, send out new fingerprint and at 30 days, we would occasionally swap it in and out as brownout with replacement at 15 days.

      We have already indicated when it drops to 100 days, we will swap to automation and no longer communicate when changes will occur. Account Managers are already getting pushback from customers. It's possible we will continue using DigiCert because they seem to promise that Intermediate certs won't rotate, unlike Let's Encrypt, which rotates them more frequently, which is better security practice. So Enterprise customers will cert pin to Intermediate instead.

    • Lots of people. I certainly don't trust free providers, and I think it's a lot less likely that malware will use a non-free cert, so some people trust those more. Plus there are email, code-signing and other cert types that aren't provided for free.
