I know very little about certificates and online security, but I'm also kind of baffled by the expiration time of the iniLINE certificate (2018-10-10 to 2099-12-31). I feel that's also a poor practice, right? What should a regular expiration time be for a proper root certificate?
michaelt|3 years ago
There's no authority above root certificates,* able to sign new certificates - that's what it means to be a root certificate. So root certificates will often have super long durations.
For example, the certificate HN uses is signed by "DigiCert Global Root CA" - valid from 2006 to 2031.
* Unless you count the power of OSes/browsers to push updates with new certificates.
palant|3 years ago