In our MWG deployment, we have enabled SSL scanning and we are using the MWG root CA on the client machines. When a CERT is being generated, we have an option to select the validity period (say 10 yrs) and accordingly the CERT is being generated. However, when this CERT is exported and used in a client browser and an SSL-enabled website is accessed, the CERT validity period shows 1 yr. But the root CERT validity still shows 10 yrs. Pl refer to the attached images.
If this is the case, do we need to regenerate the CERT every yr and push it to client machines? If anyone is aware of the CA process pl explain.
The process is:
A root CA is created
This root CA is empowered to create certificates for other servers
In case the CA is unknown to the browsers, these will prompt for certs issued by this CA. Whereas if the CA is known to the browsers, a trust has been built and the browsers won't prompt for certs coming from the server.
So if the CA is trusted, there is no need to reimport any server certs, even if they are regenerated.
For your case, just import the CA and you will be fine for the next 10 years.
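
The trust model described in this answer can be reproduced with the openssl CLI. This is an added example, not part of the original thread and not MWG's own procedure; the CA names, host name, file names and serial numbers are constructed. It builds a 10-year root, issues two 1-year server certs for the same site, and checks both against a trust store holding only the root.

```shell
#!/bin/sh
# Constructed demo (all names and files are made up for this example):
# a 10-year root CA signs 1-year server certs; a client that trusts only
# the root accepts every re-issued server cert without a new import.
work=$(mktemp -d)

make_root_ca() {    # $1 = file prefix, $2 = CA common name
    cat > "$work/$1.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = v3_ca
[dn]
CN = $2
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
        -config "$work/$1.cnf" \
        -keyout "$work/$1.key" -out "$work/$1.pem" 2>/dev/null
}

issue_server_cert() {    # $1 = output prefix, $2 = serial; signed by "root"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
        -config "$work/root.cnf" \
        -keyout "$work/$1.key" -out "$work/$1.csr" 2>/dev/null &&
    openssl x509 -req -in "$work/$1.csr" -days 365 -set_serial "$2" \
        -CA "$work/root.pem" -CAkey "$work/root.key" \
        -out "$work/$1.pem" 2>/dev/null
}

trusted_by() {    # true if cert $2 chains to the single trust anchor $1
    openssl verify -CAfile "$work/$1.pem" "$work/$2.pem" >/dev/null 2>&1
}

outlives_days() {    # true if cert $1 is still valid $2 days from now
    openssl x509 -in "$work/$1.pem" -noout -checkend $(( $2 * 86400 )) >/dev/null
}

make_root_ca root  "Demo Proxy Root CA"     # the CA pushed to clients
make_root_ca other "Unrelated Root CA"      # a store that lacks the proxy CA
issue_server_cert site_v1 1                 # cert generated on first visit
issue_server_cert site_v2 2                 # regenerated a year later

for c in site_v1 site_v2; do
    trusted_by root  "$c" && echo "$c: accepted by client trusting root"
    trusted_by other "$c" || echo "$c: rejected by client without root"
done
```

Only `root.pem` is ever placed in the trust store; the 1-year lifetime applies to the server certs, which are replaced without touching the clients.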