SSL – What’s the common practice of when to update a soon expiring SSL certificate

monitoring, ssl, ssl-certificate

Recently the Windows Azure Storage SSL certificate expired and that caused a lot of problems. Now the certificate can be retrieved by any user and so everyone could have noticed that it was going to expire.

Now what's the typical timeframe for replacing a soon to expire certificate? Is it a month before expiration or a week before expiration or any other time?

In other words, suppose I'm validating a third party service certificate and see that it expires in N days. If I notice it one day in advance it may be too late – I'll need time to contact the service owner and they will need time for reissuing the certificate and replacing it. If I notice it one month in advance – it may be too early to raise alarm – maybe the service owner is about to replace the certificate a bit later.

What's the value of N such that if the SSL certificate is about to expire in N days it's likely that the service owner has forgotten about its expiration? What's the common practice of when to update a soon to expire SSL certificate?

Best Answer

Comodo starts alerting at 60 days, http://www.instantssl.com/ssl-certificate-support/server_faq/ssl-certificate-renewals.html

GoDaddy recommends 60, http://support.godaddy.com/help/article/864/renewing-your-ssl-certificate

Entrust recommends 30, http://www.entrust.net/ssl-technical/renew_faq.cfm

Others don't seem to have a start recommendation easily found.

Universally it seems to be documented to renew before the 15 day mark.
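
A monitoring check built on the thresholds quoted in the answer, as an added example that is not part of the original question or answer: it turns a certificate's `notAfter` date into days remaining and an alert level. The level names and the `check_host` helper are assumptions of this example.

```python
import socket
import ssl
import time

# Day thresholds from the answer: 60 (Comodo, GoDaddy), 30 (Entrust),
# 15 (latest renewal point). Level names are assumptions of this example.
THRESHOLDS = [(15, "critical"), (30, "warning"), (60, "notice")]


def days_remaining(not_after, now=None):
    """Whole days until expiry (negative once expired).

    not_after uses the getpeercert() format: 'Mar  1 00:00:00 2030 GMT'.
    """
    now = time.time() if now is None else now
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def classify(days):
    """Map days remaining to an alert level using THRESHOLDS."""
    if days < 0:
        return "expired"
    for limit, level in THRESHOLDS:
        if days <= limit:
            return level
    return "ok"


def check_host(host, port=443, timeout=5.0):
    """Fetch a server's leaf certificate and return (days, level).

    The default context verifies the chain, so an already expired
    certificate raises ssl.SSLCertVerificationError instead.
    """
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            not_after = tls.getpeercert()["notAfter"]
    days = days_remaining(not_after)
    return days, classify(days)


if __name__ == "__main__":
    # Constructed sample dates with a fixed "now"; no network access needed.
    now = ssl.cert_time_to_seconds("Jan  1 00:00:00 2030 GMT")
    for sample in ("Jan 11 00:00:00 2030 GMT", "Feb 15 00:00:00 2030 GMT"):
        d = days_remaining(sample, now)
        print(sample, d, classify(d))
```

Run on a schedule, a "critical" result for a third-party service is the point at which contacting the service owner is justified by the answer's 15 day mark.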