Hi,
I'm wondering whether there are any best practices/recommendations/guidelines on how, and for how long, to cache the server's public certificate on the client side?
There are 3 recommendations described in the spec. Basically, it says "do not hard-code certificates on the client side".
My view on the problem:
- an application can cache certificates, but it should retrieve them from the server during startup
- if the certificate is no longer valid, the application shall query the server once again
Are there any official guidelines on how long a certificate can be cached on a client?