5 year certificate no longer valid

Chrome invalidating valid certificate

DenRein

3:36 pm on Apr 16, 2015 (gmt 0)

10+ Year Member



This morning, my secure sites could not connect error free using Chrome. Internet Explorer had no problem. My SSL certificates are 5 year certificates, expiring in 2017.

Are others seeing this? Are big players affected?

It is especially galling that https is crossed out in the address bar leading to the presumption that the connection is not encrypted.

Moderator: is posting link OK or useful? It is merely a login page.

not2easy

3:52 pm on Apr 16, 2015 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



No link is needed to understand your issue. It could be the type of Certificate that is affecting the Chrome validity. The technology that was good enough may not meet the higher encryption standards required today. I would look into the encryption level of the Certificate, and maybe visit the Certificate supplier's site to see if they can upgrade it. Chrome started moving that direction about 6 months ago, along with the big Google push to SSL for "all" sites.

engine

3:59 pm on Apr 16, 2015 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Thanks DenRein

No need for a link.

Do you get the same effect with other sites that do not belong to you?

DenRein

4:12 pm on Apr 16, 2015 (gmt 0)

10+ Year Member



Not2easy: Clicking the lock symbol shows what Chrome thinks the problem is. It states "The server certificate has a validity period that is too long". The connection section is green and shows the connection is TLS 1.2, AES_128_GCM, and ECDHE_RSA.

engine: we have the same question. Are others seeing this? For example, I went to a banking site. No error but then they are using a 1 year cert. The issue in my mind is the 5 year cert and I don't know of https sites other than mine who have one.

DenRein

6:51 pm on Apr 16, 2015 (gmt 0)

10+ Year Member



not2easy: I failed to completely comprehend what you were saying. Visiting the ssllabs site and running a test, I see that my cert is encrypted with SHA-1. If you Bing for "chrome sha1 deprecation" the very first link to the symantec site explains exactly what I am seeing.

The diagnostic message obfuscates what the real problem apparently is.

I am now in process of having certs re-issued with SHA-2

bird

6:57 pm on Apr 16, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Chrome is just particularly quick to implement a new requirement:
The CA/Browser Forum is a voluntary organization of Certification Authorities and suppliers of Internet browser and other relying-party software applications.
...
2015-04-01 9.4.1 CAs SHALL NOT issue certificates with validity periods longer than 39 months.
[cabforum.org...]

Actually, the implementation may be a bit too broad, as the requirement is not meant to be applied to certificates issued before 2015-04-01.

DenRein

7:07 pm on Apr 16, 2015 (gmt 0)

10+ Year Member



bird: I was thrown off by the bogus chrome error message: "The server certificate has a validity period that is too long"

What I now think is going on is:

"Sites secured with a SHA-1 certificate expiring on or after 1 January 2017 will be treated as “affirmatively insecure”. The lock will have a red “X” over it with the letters “HTTPS” crossed out with a red font as in this example provided by Google" ref: [symantec.com...]

I can also partially verify this with another site having a more recent 5 year cert. I say "partially" because the underlying server tech differs considerably.
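The two rules discussed above (bird's CA/Browser Forum 39-month limit, not retroactive for certs issued before 2015-04-01, and the Chrome SHA-1 sunset for certs expiring on or after 2017-01-01) can be checked against a certificate's dates and signature hash. The script below is an added example, not code from anyone in this thread; the sample certificates are constructed to mirror the thread, and the `sigHash` field is an assumption because `ssl.getpeercert()` does not expose the signature hash.

```python
import ssl
from datetime import datetime, timezone

# Thresholds from the thread: CA/B Forum BR 9.4.1 (39 months, effective
# 2015-04-01) and Chrome's SHA-1 sunset cutoff (expiry on/after 2017-01-01).
CAB_MAX_MONTHS = 39
CAB_EFFECTIVE = datetime(2015, 4, 1, tzinfo=timezone.utc)
SHA1_CUTOFF = datetime(2017, 1, 1, tzinfo=timezone.utc)


def cert_time(s):
    """Parse the 'Apr 16 00:00:00 2012 GMT' form that ssl.getpeercert() uses."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(s), tz=timezone.utc)


def validity_months(not_before, not_after):
    """Whole calendar months of validity (the BR limit is expressed in months)."""
    return (not_after.year - not_before.year) * 12 + (not_after.month - not_before.month)


def assess(cert):
    """cert: dict with 'notBefore'/'notAfter' strings plus a 'sigHash' field
    ('sha1', 'sha256'). 'sigHash' is a constructed field: ssl.getpeercert()
    does not return the signature hash, so it must come from another tool
    (e.g. the SSL Labs report mentioned in the thread).
    Returns a list of (level, message) findings; level is 'insecure' or 'info'."""
    nb, na = cert_time(cert["notBefore"]), cert_time(cert["notAfter"])
    findings = []
    months = validity_months(nb, na)
    if months > CAB_MAX_MONTHS:
        if nb >= CAB_EFFECTIVE:
            findings.append(("insecure", f"{months}-month validity exceeds the 39-month BR limit"))
        else:  # bird's caveat: the BR limit is not meant to apply to older certs
            findings.append(("info", f"{months}-month validity, but issued before 2015-04-01"))
    if cert["sigHash"].lower() == "sha1" and na >= SHA1_CUTOFF:
        findings.append(("insecure", "SHA-1 signature expiring on/after 2017-01-01: "
                                     "Chrome shows it as affirmatively insecure"))
    return findings


def chrome_blocks(cert):
    """True if any finding is at the 'insecure' level."""
    return any(level == "insecure" for level, _ in assess(cert))


# Constructed sample certificates mirroring the thread (not real certificates).
DENREIN_SHA1 = {"notBefore": "Apr 16 00:00:00 2012 GMT", "notAfter": "Apr 16 00:00:00 2017 GMT", "sigHash": "sha1"}
DENREIN_REISSUED = dict(DENREIN_SHA1, sigHash="sha256")  # same dates, re-signed with SHA-256
BANK_ONE_YEAR = {"notBefore": "Jan 15 00:00:00 2015 GMT", "notAfter": "Jan 15 00:00:00 2016 GMT", "sigHash": "sha256"}

if __name__ == "__main__":
    for name, cert in [("DenRein SHA-1", DENREIN_SHA1), ("reissued SHA-256", DENREIN_REISSUED), ("bank 1-year", BANK_ONE_YEAR)]:
        print(name, "blocked" if chrome_blocks(cert) else "ok", assess(cert))
```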

not2easy

7:51 pm on Apr 16, 2015 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Sorry DenRein, I should have done this lookup earlier for you, it is in my notes from last September:
[googleonlinesecurity.blogspot.com...]

The SHA-1 cryptographic hash algorithm has been known to be considerably weaker than it was designed to be since at least 2005 — 9 years ago. Collision attacks against SHA-1 are too affordable for us to consider it safe for the public web PKI. We can only expect that attacks will get cheaper.

That’s why Chrome will start the process of sunsetting SHA-1 (as used in certificate signatures for HTTPS) with Chrome 39 in November.
They may have moved up the timetable.

DenRein

8:13 pm on Apr 16, 2015 (gmt 0)

10+ Year Member



not2easy: according to the symantec article cited, they are right on schedule with the rollout. What they did not do in the time they had to roll this out is come up with a meaningful error message. "The server certificate has a validity period that is too long" just doesn't cut it.

timchuma

10:18 pm on Apr 16, 2015 (gmt 0)

10+ Year Member Top Contributors Of The Month



Yes, I have had Chrome saying security certificates are no longer valid for websites that IE and Firefox seem to load fine. Are they going too far in the other direction in regards to security?

lucy24

2:58 am on Apr 17, 2015 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Isn't it always going too far if you make your changes retroactive?
"Effective five years from today, we will no longer honor five-year certificates" is one thing. "Effective next year, we will no longer etcetera" is another thing.

DenRein

6:48 pm on Apr 17, 2015 (gmt 0)

10+ Year Member



Thanks all. It took me a day and a half but I have been able to confirm that re-issuing the SSL certs (with SHA256 hash) does fix this problem on my development system. At $25 for 5 years (sigh ... I will miss the convenience of 5 year certs RIP), I have certs for my local machines to do SSL test/development. In a few hours, I will roll out re-issued certs to my customers.