Question about https SSL certificate changing

Is it more secure to change an SSL certificate more regularly, say, every three (3) months,
or to obtain one that lasts for years, and just keep that until it expires? The odds towards it being broken are randomly better or worse, usually. So is there any security advantage in reguarly changing an SSL certificate, or not, really?

Depends on what you want.
If you want security, renew SSL cert every 3 months.
If convenience is your thing, get a self-sign cert to work with your custom domain using CloudFlare (SSL full mode)


How exactly renewing your cert more regularly make it any more secure, generally speaking? How exactly does a cert work? I am familiar with public/private cryptography. Is the cert itself a public or private key, or an encrypted message? If so, which one of those?

Shorter lived certificates are considered safer, because there is less damage if a key gets leaked.


-What would the difference be between a short life certificate and a long life certificate if there is no security compromise, or yet?

Of course it’s the duration

If you change your account password every 3 months vs every 1 year.
Which one is safer?


It’s more secure to get a new one every year. In fact, it’s so obviously much safer, that no browser and now certificate vendor will give you a certificate that’s valid for more than a year. Because having a certificate that lasts longer than that is just not safe.

SSL certificates (or rather their private keys) can get stolen, leaked or otherwise obtained maliciously. Certificates can often be revoked, but that’s not always possible and doesn’t always work everywhere. So instead, it’s safer to use certificates that don’t last so long. In case a key gets leaked, a hacker would only be able to use it for a short time until it expires (by which time the hole that allowed them to get the certificate should be fixed).

The certificate is a kind of public key. The private key of your certificate is the matching private key in public/private key cryptography. The encrypted message is the data exchanged between your visitor and your website when they access your site over HTTPS.


3 posts were split to a new topic: Password Security

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.