Before understanding the validity periods of root certificates and server SSL certificates, it's necessary to know what they are.
What is a root certificate?
A root certificate is issued by a CA (Certificate Authority) and is the starting point of the trust chain for SSL certificates. Every browser has a root certificate store. Some browsers use their own root certificate stores, while others use third-party root certificate stores. The root certificate store is a collection of root certificates that are pre-loaded when the client browser is downloaded. The root certificate is therefore of great importance: it ensures that the browser automatically trusts SSL certificates signed with its private key.
What is a server SSL certificate?
An SSL server certificate is a digital certificate configured on a server. It complies with the SSL protocol and is issued by a trusted CA after the server's identity is verified. It serves two functions: verifying the server's identity and encrypting data in transit.
CAs do not use root certificates directly to issue server SSL certificates because doing so is risky. If a certificate is issued incorrectly or the root certificate has to be revoked, every certificate signed with the root certificate becomes untrusted. For this reason, intermediate certificates are created. CAs have many intermediate certificates, but the number of root certificates is relatively limited. It is speculated that this is for the convenience of management and for storage in browsers and devices.
How long is the validity period of root certificates and SSL certificates?
Generally, to check the validity period of a website's security certificate, you can directly click on the security lock next to the address bar to view the validity period of the website's SSL certificate.
How to check the validity periods of root certificates, intermediate certificates, and SSL certificates?
However, to check the validity periods of the root certificate and intermediate certificate in the SSL certificate chain, you can use an SSL certificate detection tool, which can show the complete certificate chain information, including their validity periods.
As shown in the figure above, the root certificate of SSL Corporation is valid for more than 20 years, and the intermediate certificate is valid for more than 10 years, with the remaining time attached. The server SSL certificate finally used by the website is valid for a little over one year.
Why is it a little over one year? The reason is that the CA/B Forum has newly stipulated that the validity period of an SSL certificate cannot exceed 398 days. Some CAs set a one-year validity period and then add a further 30 days of validity as a bonus. The Hong Kong Cloud SSL certificate is one example.
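The chain check described above can also be scripted. The following Python sketch is an added example, not part of the original article: it reports each certificate's total and remaining validity, flags a server certificate that exceeds the 398-day limit, and shows which certificate in the chain expires first. The chain dates are constructed sample data, and the names `audit_chain` and `SAMPLE_CHAIN` are assumptions made for illustration.

```python
import ssl
from datetime import datetime, timezone

MAX_LEAF_DAYS = 398  # CA/B Forum limit cited in the article

# Constructed sample chain (not real certificates). The date strings use the
# notBefore/notAfter format returned by ssl.SSLSocket.getpeercert().
SAMPLE_CHAIN = [
    ("leaf",         "Mar  1 00:00:00 2024 GMT", "Apr  1 00:00:00 2025 GMT"),
    ("intermediate", "Jan  1 00:00:00 2019 GMT", "Jan  1 00:00:00 2031 GMT"),
    ("root",         "Jan  1 00:00:00 2016 GMT", "Jan  1 00:00:00 2041 GMT"),
]

def _utc(cert_time):
    """Convert a certificate time string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)

def audit_chain(chain, now):
    """Return (rows, findings, role of the certificate that expires first)."""
    rows, findings = [], []
    for role, not_before, not_after in chain:
        start, end = _utc(not_before), _utc(not_after)
        total = (end - start).days
        rows.append({
            "role": role,
            "total_days": total,
            "remaining_days": (end - now).days,
            "not_after": end,
        })
        if now < start:
            findings.append(f"{role}: not yet valid")
        if now >= end:
            findings.append(f"{role}: expired")
        if role == "leaf" and total > MAX_LEAF_DAYS:
            findings.append(f"leaf: lifetime {total} days exceeds {MAX_LEAF_DAYS}")
    # The chain as a whole stops validating at its earliest notAfter, so an
    # intermediate that expires before the leaf shortens the leaf's useful life.
    first_to_expire = min(rows, key=lambda r: r["not_after"])["role"]
    return rows, findings, first_to_expire

if __name__ == "__main__":
    rows, findings, first = audit_chain(SAMPLE_CHAIN, datetime.now(timezone.utc))
    for r in rows:
        print(f'{r["role"]:<13} total={r["total_days"]:>5}d remaining={r["remaining_days"]:>5}d')
    print("first to expire:", first)
    print("findings:", findings or "none")
```

To audit a real site, replace `SAMPLE_CHAIN` with the notBefore and notAfter values shown by the certificate detection tool for each certificate in the chain.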
Regardless of which CA issues the SSL certificate, the validity periods of root certificates and intermediate certificates are longer than that of the final SSL certificate. The validity periods of root certificates and intermediate certificates are generally 10 years, while that of an SSL certificate is 1 year. Shortening the validity period of SSL certificates aims to enhance the security of websites. This is also the function of server SSL certificates!