10 years ago, someone wrote a test for servo that included an expiry in 2026
A computer science department learned a valuable lesson when their private TLS certificate authority, initially set with a 10-year expiration, unexpectedly outlived its intended lifespan. The humorous realization that their systems were still running a decade later underscores a common operational blind spot. This relatable anecdote resonates on HN, highlighting the challenges and often amusing realities of long-term infrastructure maintenance.
The Lowdown
A recent post on Mastodon recounts a common, yet often overlooked, challenge in long-term system administration: the unexpected longevity of infrastructure. The author, jdm_, shared a personal anecdote from a computer science department regarding a private TLS certificate authority that had an unexpectedly short lifespan for its actual usage.
- Over ten years ago, the department set up a private TLS certificate authority to secure their VPN servers.
- They chose a default 10-year lifetime for the root certificate, believing it would be "good enough" for their needs.
- A decade later, the certificate expired, prompting a moment of humorous surprise that the department and its VPN systems were still operational and in use.
- The post highlights the human tendency to underestimate the lifespan of technology infrastructure, even within a computer science setting.
- The department has since implemented new CA root certificates with much longer lifetimes, though they acknowledge practical limitations (e.g., 100 years) due to TLS constraints.
This brief story serves as a relatable reminder for anyone involved in system deployment and maintenance to consider the far-reaching implications of initial configuration choices, particularly concerning expiration dates and the surprising persistence of even seemingly temporary solutions.