Is the validity period of the root certificate as long as the server SSL certificate?

In the solution root certificate and server SSL You have to know what they are before the certificate is valid .

What is a root certificate ？

Root certificate means CA Issued by the agency SSL The core of the certificate , It's the starting point of the chain of trust . Every browser has a root Library , Some browsers use their own root certificate Library , Some browsers use third-party root certificate libraries . The root certificate library is a collection of pre loaded root certificates when downloading the client browser . Therefore, the root certificate is very important , Because it ensures that the browser automatically trusts those signed with the private key SSL certificate .

What is a server SSL certificate ？

SSL Server certificate It is a digital certificate configured on the server , It obeys SSL agreement , Through a trusted digital certification authority CA, Issue after the server authentication passes , It has the functions of server authentication and data transmission encryption .

CA The organization will not directly use the root certificate issuance server SSL certificate , Because this operation has risks . If an error occurs and the root certificate needs to be revoked , Then each certificate signed with the root certificate will not be trusted . So the intermediate certificate is created .CA Have many intermediate certificates , But the number of root certificates is relatively limited , Xiaobian guess is also for the convenience of management 、 And store it in browsers and devices .

Root certificate and SSL How long is the certificate valid ？

（ Screenshot of the validity period of root certificate and intermediate certificate ）
We check the validity of the website security certificate , Generally, you can directly click the security lock next to the address bar to see the website SSL The validity of the certificate .

But check this SSL The validity period of the root certificate and Intermediate Certificate in the certificate chain , It can be used SSL Certificate testing Tools , You can see the complete certificate chain information , Including the length of their validity . Pictured above ,AAA Certificate Services The validity of the root certificate is about 10 year , Intermediate certificates are also 10 year , The remaining duration is attached . And the server used by the final website SSL The validity period of the certificate is 1 A little over a year . Why 1 A little over a year ？ The reason lies in CA/B The latest regulations of the Forum SSL The validity period of the certificate cannot exceed 398 God , part CA yes 1 The term of validity of years , Then there was a gift 30 Days , such as sslTrus.

Either way CA Issued by SSL certificate , Both the root certificate and the intermediate certificate are valid longer than the final SSL Length of certificate . The validity period of root certificate and intermediate certificate is generally 10 year , and SSL The validity period of the certificate is 1 year , To shorten the SSL The purpose of the validity of the certificate is to improve the security of the website . This is also the server SSL The function of certificate ！