Comment by dingaling

> it reduces the validity period of private keys that could be used in a MITM attack if they're leaked

If a private key is leaked, 45 days is sufficient to clean-out the accounts of all that company's customers. It might as well be 10 years.

If cert compromise is really common enough to require a response then the cert lifetime should be measured in minutes.