Has anybody heard if the upcoming 47-day maximum on TLS cert lifetime will apply to Enterprise wifi auth using private PKI (especially on iOS and Android)?

We have a campus CA that signs the TLS cert used by RADIUS when students connect to wifi using personal devices. Freshmen need to accept the cert once (hopefully after checking the fingerprint), then usually one more time before graduation. Every 47 days would be difficult.

  • irq0@infosec.pub
    5 months ago

    The CAB Forum only governs public CAs and certificates and the use of certs on the public internet. Your private PKI will be unaffected by the new changes. On top of that, the change will be introduced gradually: the first reduction is in March 2026 and will limit certs issued after March 2026 to 200 days, so even if you saw some impact for some reason, you’d still have a couple of months to put a fix in place.

    > Freshmen need to accept the cert once (hopefully after checking the fingerprint)

    Nobody is checking the fingerprint, nobody