What is Oracle's recommended expiration period for a public key certificate used in JWT creation?


Multiple Choice

What is Oracle's recommended expiration period for a public key certificate used in JWT creation?

Explanation:

Answer: 365 days (one year).

Keep the certificate's validity window reasonably short, but not so tight that it creates constant maintenance. Oracle's guidance favors a 365-day expiration for the public key certificate used to sign JWTs because a one-year period balances security against operational overhead. A certificate that expires after a year bounds the window in which a compromised private key can still produce signatures that relying parties accept, while remaining manageable to rotate and republish (for example, through a JWKS endpoint keyed by `kid`). As the certificate nears expiration, generate a new key pair, publish the new certificate alongside the old one so tokens issued under either still verify, switch signing to the new key, and retire the old certificate once it expires. Note that the certificate lifetime is separate from the token lifetime: the `exp` claim on individual JWTs is normally minutes or hours, and the certificate window only determines how long a given signing key is trusted.

Longer lifetimes, such as two years, extend the period during which a compromised key could be used before it is detected and rotated. Shorter lifetimes, such as six months, double the rotation work without a proportional gain in security, because token expiry, revocation and key-rotation controls already limit the damage a leaked key can do.
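The lifecycle the explanation describes, as an added example in Go using only the standard library; this is illustrative code written for this page, not Oracle's or Fusion Data Intelligence's implementation. It mints an RSA key with a self-signed certificate whose validity window is the 365-day period above, signs RS256 JWTs that carry the certificate's `kid`, verifies tokens against the published certificate set (a map that stands in for a fetched JWKS) while refusing any certificate that is expired at verification time, and reports when the certificate is close enough to expiry that the successor should be minted. The key identifiers, the rotation lead time and the claim values are assumptions chosen for the example.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// NewSigningKey mints an RSA key plus a self-signed certificate (CN = kid) valid from now
// for lifetime; 365*24*time.Hour is the one-year window discussed above. (Added example.)
func NewSigningKey(kid string, now time.Time, lifetime time.Duration) (*rsa.PrivateKey, *x509.Certificate, error) {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(now.Unix()),
		Subject:      pkix.Name{CommonName: kid},
		NotBefore:    now,
		NotAfter:     now.Add(lifetime),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &priv.PublicKey, priv)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return priv, cert, err
}

// NeedsRotation is true once less than lead remains: mint and publish the successor now.
func NeedsRotation(cert *x509.Certificate, now time.Time, lead time.Duration) bool {
	return !now.Add(lead).Before(cert.NotAfter)
}

func b64(b []byte) string { return base64.RawURLEncoding.EncodeToString(b) }

func decodeJSON(seg string, v any) error { // one base64url JWT segment -> v
	raw, err := base64.RawURLEncoding.DecodeString(seg)
	if err != nil {
		return err
	}
	return json.Unmarshal(raw, v)
}

// SignJWT emits a compact RS256 JWT; the kid header names the certificate verifiers must use.
func SignJWT(priv *rsa.PrivateKey, cert *x509.Certificate, claims map[string]any) (string, error) {
	hdr, _ := json.Marshal(map[string]string{"alg": "RS256", "typ": "JWT", "kid": cert.Subject.CommonName})
	body, err := json.Marshal(claims)
	if err != nil {
		return "", err
	}
	input := b64(hdr) + "." + b64(body)
	digest := sha256.Sum256([]byte(input))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return input + "." + b64(sig), nil
}

// VerifyJWT resolves the kid against the published certificates (certs stands in for a fetched
// JWKS), rejects the token if that certificate is not valid at now, then checks the signature.
func VerifyJWT(token string, certs map[string]*x509.Certificate, now time.Time) (map[string]any, error) {
	parts := strings.Split(token, ".")
	var hdr struct{ Alg, Kid string } // encoding/json matches "alg"/"kid" case-insensitively
	if len(parts) != 3 || decodeJSON(parts[0], &hdr) != nil {
		return nil, fmt.Errorf("malformed token")
	}
	if hdr.Alg != "RS256" { // the token never gets to pick the algorithm
		return nil, fmt.Errorf("unsupported alg %q", hdr.Alg)
	}
	cert, ok := certs[hdr.Kid]
	if !ok {
		return nil, fmt.Errorf("unknown kid %q", hdr.Kid)
	}
	if now.Before(cert.NotBefore) || now.After(cert.NotAfter) {
		return nil, fmt.Errorf("certificate %q not valid at %s", hdr.Kid, now.UTC().Format(time.RFC3339))
	}
	pub, _ := cert.PublicKey.(*rsa.PublicKey)
	sig, err := base64.RawURLEncoding.DecodeString(parts[2])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if err != nil || pub == nil || rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) != nil {
		return nil, fmt.Errorf("bad signature")
	}
	var claims map[string]any
	if err := decodeJSON(parts[1], &claims); err != nil {
		return nil, err
	}
	return claims, nil
}
```

The verifier checks the certificate window before the signature, so a token minted under a key whose certificate has lapsed is rejected even though the signature is mathematically valid; during rotation both the outgoing and incoming certificates sit in the published set, and the old one simply stops verifying once its `NotAfter` passes. Real deployments would also enforce the token's own `exp` claim and pin the `kid` to a certificate fetched from the issuer's JWKS endpoint rather than a local map.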
