That 398 day validity limit, and the proposals to go down to 90 or even 30 days, applies to public CAs. Cloud Authentication and Policy uses a private PKI, so it's not applicable.
------------------------------
Herman Robers
------------------------
If you have urgent issues, always contact your Aruba partner, distributor, or Aruba TAC Support. Check
https://www.arubanetworks.com/support-services/contact-support/ for how to contact Aruba TAC. Any opinions expressed here are solely my own and not necessarily that of Hewlett Packard Enterprise or Aruba Networks.
In case your problem is solved, please invest the time to post a follow-up with the information on how you solved it. Others can benefit from that.
------------------------------
Original Message:
Sent: Jul 31, 2024 08:03 AM
From: Alan Mercer 2
Subject: Can you change the length of the certificate when using Cloud Auth with Entra ID?
Per changes by Google, Apple, and other browsers as well as the certificate authoriities, public certificates are only being issued for 1-year periods by most certificate authorities, although up to 398 days are permitted. There appears to have been several reasons for this including reducing exposure to compromised private keys and changes in encryption and hashing algorithms to ensure certificates are not using deprecated ciphers. Of course, the CAs are in agreement not only from a security standpoint, but due to product tying of automated certificate management platforms. With Certificate prices becoming more competitive, the issuers are looking for additional revenue streams, thus automated management of certificates is a logical avenue to replace reduced income. The likelihood is that replacement periods will decrease, I've seen GoDaddy pushing 3-month certificates.
Original Message:
Sent: Jul 30, 2024 12:22 PM
From: skywong
Subject: Can you change the length of the certificate when using Cloud Auth with Entra ID?
When we use Cloud Auth with Entra ID, users will use the portal to register their devices and download the configuration file with the certificate. I see that the certificate is valid for 1 year. Is there a way to change the default validity period?