Customizable User Certificate Validity Period
User certificates (used for SSL VPNs) have a very long duration (20 years?). IT auditors are not very satisfied with such a configuration; the proposed certificate validity is 1 year or less.
I can't access mail and websites due to a certificate validity problem.
I agree, I also have problems with the IT auditors over the validity of the certificate for SSL. It is recommended that the certificate should be 4 years or more, but not 20 or 30 years; this is definitely too much, for security reasons. They should implement a possibility to change the validity of the certificate, or to import or make a certificate according to the security policy of the company; some have a more secure one and others less so.
Rados Gregoric commented
I agree that such a configuration could cause some extra work, but at least I would know which users are still active. The problem is not with our road-warrior users, because I know who left the company and I can disable the user, but there is no way I can force an outside supporter to notify me if someone with VPN access leaves them.
Hagen von Eitzen commented
Handing out 50 user certificates with 1 year validity implies one renewal per week on average. Always a chance to annoy the help desk.
A good CRL should be good enough to take care of obsoleting certificates.