Certificate Lifespan
- The declared value of the certificate lifespan affects the serviceability of the certificate server.
- The certifying authority can only issue certificates that have a lifespan less than the root, which is true for the entire hierarchy, if implemented.
- Subordinate certifying authorities are configured with a shorter lifespan.
- Users can use the certificate services for that shorter span.
- Certifying authorities may be renewed and the lifespan subsequently changed.
- This requires administration.
- Keep administration to a minimum to decrease the opportunity of service interruption due to human intervention or accident.
What about database and configuration storage?
© 2006 John Michael Pierobon
Notes
![[OUTLINE]](../images/index.gif)
![[PREVIOUS]](../images/back.gif)
![[NEXT PAGE]](../images/next.gif)
![[CHAPTER 4]](../images/up.gif)