Questions tagged [expiration-date]
20 questions
62
votes
6 answers
How to Securely Implement a "Remember Me" Feature?
Assuming you already have a website that implements all of the standard login stuff, what is the correct and most secure way to allow users to automatically be logged in for a certain time period (let's say 30 days)? This time period should be…
colithium
- 833
- 1
- 8
- 10
4
votes
2 answers
How do short lived certificates increase security?
After reading a blog post about the new Roughtime protocol, I am not convinced of the original premise that shorter certificate lifetimes increase security. The claim is that a shorter time somehow reduces the exposure if a secret key is…
John Deters
- 33,650
- 3
- 57
- 110
3
votes
1 answer
Why does Windows consider a certificate valid even after its expiration time?
I downloaded Google's Cloud SDK installer today, and upon checking the certificate to validate it, I noticed something strange: the expiration date of the certificate appears to be December 22nd 2019 - over four months from today, April 30th 2020.…
Opalium
- 33
- 3
3
votes
3 answers
What happens when the timestamper's certificate expires?
What happens when the timestampers certificate expires?
If the code is now untrusted, can it be re-stamped without re-signing?
If not, what good does this timestamp do me if my cert is valid until the same date?
TimeStamperCertificate :…
Jonathon Anderson
- 171
- 6
3
votes
2 answers
JWT access token and refresh token
We have two applications App1 and App2. A user uses a browser to communication withe apps. App1 supports different auth. mechanisms (SSO, usr/pwd, etc.) but App2 doesn't have any access to auth data and doesn't support any auth. mechanism. So we…
sgres
- 129
- 2
- 8
2
votes
0 answers
What is the name of the OpenSSL date format?
The OpenSSL date format has the month first and the year after the time.
Example: Mar 18 10:55:00 2017 GMT
See also here: https://www.shellhacks.com/openssl-check-ssl-certificate-expiration-date/
Does anyone know the name of the standard behind this…
Ray Hulha
- 121
- 4
2
votes
2 answers
How can an expired SSL certificate make the server and/or client vulnerable to MITM attacks?
When I see the warning on my browser about "Invalid Certificate" or "Untrusted Certificate" , I might have doubt about a MITM attack at my network. Should I have the same concern when I see that the certificate expired warning? As I know, it happens…
Pilfility
- 442
- 4
- 14
2
votes
1 answer
Authorization expiration without reliable clock / time
I've been looking, but I think its impossible to find a pairing solution that has the benefits of authorization expiration and renewal (like x509 cert expiry and OAuth expires_in), but that works without a reliable clock.
I want it because renewal…
Raveclatter
- 21
- 1
2
votes
2 answers
Stateless secure token that can expire?
I want to generate a link that will be given to a user. On this link, as a parameter, I will add a token that will be valid only for a few days. So after that time, the server will check the token, see that it's not valid anymore, and disallow the…
laurent
- 751
- 1
- 8
- 22
1
vote
1 answer
Can I change expiration date of a gpg key I've already sent to a key server?
ArchLinux wiki page on GnuPG reads
Once a key has been submitted to a keyserver, it cannot be deleted from the server.
Does that mean that also the expiration date with which I published the key via gpg --send-keys key-id cannot be changed?
Enlico
- 153
- 7
1
vote
1 answer
Request certificate expiration date in CSR
I want to see how my application will behave in case if the SSL certificate expires.
CSR are signed by CA, so they are not self-signed and the validity period is 2 years. For my test I want to set the expiration period as 1 day. I don't have…
Alex
- 412
- 1
- 8
- 14
1
vote
2 answers
Do registration codes need expiry?
I work on an application where users are sent a unique registration code in the post. They use this, along with other personal information known to the user, to confirm the identity of the user upon creating a new account.
Does the unique…
Daniel
- 11
- 1
1
vote
0 answers
How does PGP web of trust handle certificate expiration?
I have certificate that expires in two years. I'll probably try to participate in key signing party so I get to know what it actually looks like.
What happens in two years? When my certificate expires, and I'll renew it by setting later expiration…
SoptikHa
- 111
- 2
1
vote
1 answer
Why is the need to expire OTP?
OTP can be implemented either using Google Authenticator or by sending SMS to the user. The GA code is created using a timestamp and the code expires if it's used after some time.
However, in case of SMS, the OTP value is saved in the database on…
Shashwat Kumar
- 161
- 1
- 6
1
vote
0 answers
Certificate revocation with reason code removeFromCRL
RFC 5280 says:
"The removeFromCRL (8) reasonCode value may only appear in delta CRLs and indicates that a certificate is to be removed from a CRL because either the certificate expired or was removed from hold."
My question is: in which scenarion is…
André Zúquete
- 21
- 3