1

I have a web site hosted on an IIS webserver. I've created a self-signed certificate for the web site and installed it on a client machine. When I install the certificate on a client machine, I can establish a trusted connection between the client and the web site. But there's this problem that after some time (which is approximately something like 2 weeks) the certificate installed on the client becomes invalid and I can no longer make an SSL connection. Just reinstalling the same certificate helps shoot away the problem. Do you have any idea why this would happen? What should I do to prevent this?

EDIT: The client runs Windows 7. The browser is Google Chrome. When I say reinstalling, I mean on the client machine and by adding it to the trusted root. It happens about every 2 weeks.

EDIT2: I've just realized that the error message is generated by a Windows app that my web application uses to sign documents electronically. So it's not related to a browser.

1 Answer

1

The X.509 standard (https://en.wikipedia.org/wiki/X.509) defines what certificates have to look like, and there is a mandatory field defining how long a cert should be valid.

Not sure how you created the cert (maybe from the IIS management panel?). But I guess your tool just chooses a short lifetime for your cert by default. Either find a way to create a long-lived cert (like a year or more) with your current tool or use openssl to create it by hand (see https://stackoverflow.com/questions/10175812/how-to-create-a-self-signed-certificate-with-openssl) so you can explicitly choose the lifetime of your certificate.
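Added example, not part of the answer above: a shell script that creates self-signed certificates with an explicit lifetime and reads back the X.509 validity window, so a short default can be confirmed or ruled out. It assumes the OpenSSL CLI is installed; the host name `intranet.example.test`, the temporary paths and the helper names are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: set and verify the validity period of a self-signed cert.
set -eu

# make_cert <dir> <common-name> <days>
# Writes <dir>/key.pem and <dir>/cert.pem with an explicit lifetime in days.
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes \
        -keyout "$1/key.pem" -out "$1/cert.pem" \
        -subj "/CN=$2" -days "$3" 2>/dev/null
}

# show_validity <cert>: prints the notBefore= / notAfter= lines of the cert.
show_validity() {
    openssl x509 -in "$1" -noout -dates
}

# valid_for_days <cert> <days>
# Succeeds only if the cert is still within its validity period <days> from now.
valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# Demo with constructed inputs: a 14-day cert next to a 365-day cert.
work=$(mktemp -d)
trap 'rm -rf "$work"' EXIT
mkdir "$work/short" "$work/long"
make_cert "$work/short" intranet.example.test 14
make_cert "$work/long"  intranet.example.test 365

for c in short long; do
    echo "== $c =="
    show_validity "$work/$c/cert.pem"
    if valid_for_days "$work/$c/cert.pem" 30; then
        echo "still valid 30 days from now"
    else
        echo "expires within 30 days"
    fi
done
```

Running `show_validity` against the certificate exported from the server shows whether its `notAfter` date matches the two-week pattern described in the question.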