The new SSL Certificates maximum validity reduced to 825 days – that’s two years with some wiggle room for renewal and replacement – will take effect March 1st, 2018.
What does that actually mean?
This basically means you can only validate your SSL Certificate for a maximum of 2 years. In March of this year, CAB Forum Ballot 193 was passed, which reduces the maximum lifetime of SSL Certificates from three years down to two years. The reason this is being done is to address the security and logistic issues that are characteristic to long-life certificates.
What is the CAB you ask? The CAB Forum is a group of professionals within the industry. They work together to set many of the rules surrounding SSL Certificates; how they are issued and formatted. Its membership is made up of Certificate Authorities, CAs are the business who issue certificates, and web browsers, where SSL Certificates are most often used.
How does SSL Certificates maximum validity affect you?
SSL Certificates maximum validity will affect anyone who needs to purchase a new certificate and even existing ones, all Certificate Authorities and every type of certificate (DV, OV, and EV).
Here is a breakdown of the quick and simple changes:
Effective as of March 1st, 2018: all new SSL Certificates will be restricted to a maximum of 825 days. Which works out to be 2 years + 3 months renewal and replacement buffer. This affects all certificate types: DV (Domain Validation), OV (Organization Validation), and EV (Extended Validation) certificates.
Those who prefer to have long-life certificates will be able to get new 3-year certificates until March 2018, which will secure their sites until June 2021. However, they will need to be prepared for 2-year certificate replacements and should also keep an eye out for the SSL Certificate maximum validity to shorten even more as the industry moves toward a yearly model.
Effective as of April 20th, 2017: validation information needs to have been completed within 825 days of the issuance/re-issuance of your SSL Certificate. Because this requirement is already in effect, there will be some inconveniences for both existing and new 3-year certificate holders who need to reissue their certificate in its last year.
Shorter-term certificates (1-year) are not affected by either of these changes.
On top of these, there are many other different scenarios in which this change could affect your business. Therefore, if you have an SSL Certificate that needs to renew or you need a new one, please give us a call and we will be happy to look at your account to see what steps you need to take to make sure your SSL Certificate is valid.