What is a potential disadvantage of long-lived certificates?

Long-lived certificates can indeed lead to security vulnerabilities due to their lack of expiration. Typically, certificates are issued with a defined lifespan. When a certificate does not expire, it remains valid indefinitely, which poses several risks.

If a long-lived certificate is compromised, an attacker could use it for an extended period without detection. Additionally, in the event that the associated private key is exposed, the certificate's long validity window allows for prolonged malicious activity before the certificate can be revoked or replaced. In contrast, shorter-lived certificates limit the time frame an attacker has to exploit a compromised certificate, enhancing overall security by encouraging more frequent key rotation and renewal practices.

Other options highlight characteristics that do not accurately reflect the inherent drawbacks of long-lived certificates. For example, the ease of generation and management does not pertain to the risk aspect, and the renewal requirement every hour is more characteristic of short-lived certificates. The notion that they are invalidated after one use is also incorrect, as this does not apply to standard certificate practices.