SSLMate / sslmate

The SSLMate Client - Buy and Manage SSL Certs from the Command Line

Shorter-lived certs #8

Open konklone opened 9 years ago

konklone commented 9 years ago

Is it possible, with the upstream APIs you've integrated with, to get 1 year of authorized reissuances from SSLMate, but to have each certificate be valid for a subset of that time, from the date of reissuance?

For example, I'd love to start using shorter-lived certs, with an initial goal of 3 months, Google-style. This makes a compromised key/cert less useful to an attacker, and forces us to get an automated apparatus in place for managing them. Maybe someday, we can get to certs that last 1-2 days (which may have some performance benefits in the future).

It's not an urgent feature request. But I'd love to know if SSLMate can make this possible.

AGWA commented 9 years ago

I very much want short-lived certs as well, and they would fit in so well with SSLMate's approach to automation. Unfortunately, it's not currently possible to request an early expiration date with any of the upstream APIs that SSLMate uses (or even the ones we don't use which I've examined). I hope to change this, but it will likely be a long-term project, and is currently lower on the priority list than some of the other things I'm trying to get CAs to change.