Certificates for SSL-enabled embedded systems

Question

I have an embedded system that I expect to be in use for the next 15 years or so, and it has an https-based administration console. From what I understand:

• If I have a self-signed certificate, web browsers will complain.
• If I have a CA-signed certificate, it will expire fairly soon over the lifetime of the product, and web browsers will complain.

Is there any way to have a long-life certificate so browsers won't complain, or is it necessary to release new firmware every time the certificate expires over the life of the product? Or provide a way for the users to load a new certificate?

Answer 1

This could be one of the rare cases where a self-signed certificate is the correct approach. How many people will need to administer the box? I would think few, and part of the deployment of the box would be to have the certificate installed into the truststore of the administrator's browser.