378
you are viewing a single comment's thread
view the rest of the comments
[-] elvith@feddit.org 23 points 5 hours ago

The only technical explanation that’s not malice would be that some certificate store on the device had expiring certificates and would need an update to continue to function (or rather connect to remote servers).

[-] gressen@lemmy.zip 1 points 3 hours ago

Are there ever certs that expire in 3 years?

[-] elvith@feddit.org 1 points 44 minutes ago

It depends on their use. The most common certificates that you will "use and check" (implicitly) all the time are probably those, that get served by websites and the APIs that apps talk to. Those are usually quite short lived. Let's Encrypt IIRC issues them with a default life time of ~90 days and there's a push industry wide to reduce their lifespan generally to... IIRC something around 40 days. But there are more usecases and certificates and those may be valid longer. E.g. a developer that signs their code/compiled binaries.

Or - and thats more relevant - when you check a certificate you do not only check it's content, you also check that it was issued and signed by someone "you" trust (or rather the software on your device trusts). Ususally there's a central store on your PC managed by Microsoft (for Win), Apple (for Mac) or your Linux Distribution with a list of certificates that your device trusts. Those are usually quite long lived (often several years, probably even more than a decade). But will also end. And there will be new ones to replace the old ones. Or new vendors that get added to this trust store. If you do not update your device, this trust store won't change.

There are now several versions how this can affect the apps in this case, e.g.

  • They might not be able to talk to servers using "newer" certificates, as they cannot validate them. There might even be the problem, that the update mechanism breaks, as it wouldn't be able to get updates from the server to get new certs effectively locking you out.
  • They might only allow apps that are signed by them, but their old cert is running out and if it's invalid, they might prevent the apps from running (as their cert is now untrusted) - note that you can provide ways around that (e.g. checking if the cert was valid when it was issued vs. checking if it would be valid now), but for a device that's designed to be able to get updates, you might have forgotten that or didn't think it was an issue or...
[-] Majestic@lemmy.ml 1 points 1 hour ago

Yes. Certs can expire after whatever time the issuer wants to set for them. That could be six months or 20 years. Some infrastructure has limits on max and min lengths (more max than min usually) but not all and there are best practices as well.

More importantly the certs could have been five years old by the time this person got the TV for a total age of 8 years.

this post was submitted on 17 Jul 2026
378 points (99.2% liked)

Technology

86401 readers
2823 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related news or articles.
  3. Be excellent to each other!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, this includes using AI responses and summaries. To ask if your bot can be added please contact a mod.
  9. Check for duplicates before posting, duplicates may be removed
  10. Accounts 7 days and younger will have their posts automatically removed.

Approved Bots


founded 3 years ago
MODERATORS