SynopsisThe SSL certificate is valid over a time period that is too long.
DescriptionThe CA/Browser Forum has passed a resolution setting the maximum validity period for SSL/TLS subscriber certificates via ballot 193.
Certificates issued after March 1, 2018 may not be valid longer than 825 days. Certificates issued after July 1, 2016 through March 1, 2018 may not be valid longer than 39 months. Certificates issued on or before July 1, 2016 may not be valid longer than 60 months.
Long validity periods encourage certificate owners to keep certificates in production that have vulnerabilities associated with weak cryptography and that may be out of compliance with other security guidelines.
Note: CA/Browser Forum ballot 193 specifies policy based on the day the certificate was issued. SSL/TLS certificates do not carry an issuance date. This plugin uses a certificate's 'Not Valid Before' date as a proxy for the date the certificate was issued.
SolutionReplace the SSL certificate with a certificate having a validity period less than or equal to 825 days.