Three year SSL/TLS certificates cease to be issued

(22.1.2018) The issuance of three year SSL/TLS certificates will be ended. From 20th February it will not be possible anymore to purchase a certificate with a validity of three years. Already issued certificates will of course not be affected by this change.

The decision to shorten the validity period has been made by the CAB forum

In the accepted proposal Ballot 193 the CA forum decided to limit the maximum validity of the SSL/TLS certificates to 825 days (27 months). All major browsers and certificate authorities have agreed to the proposal, which means it will apply for all CAs.

As the maximum duration of EV certificates has always been two years, the change will only affect domain and organisation validated certificates, which currently have a maximum duration of 39 months.

How will the change affect you as a customer of SSLmarket

As mentioned before, it will not be possible to issue a certificate with a duration of three years effective 20.02.2018. As of this date you will logically only find certificates with a validity period of one or two years on SSLmarket; but how will the change affect the already issued 3-year certificates?

If after 20.02.2018 no reissue request is made, the change will not impact you. With the following example we would like to illustrate how the change affects a reissue that is requested after 20.02.2018:
A certificate with a duration of three years was requested and issued on 01.01.2018. It will be valid until 31.12.2020 – 1095 days. However, if a reissue is requested after 20.02.2018, the reissued certificate will – according to the new rule – only have a validity of 27 months, or 825 days. If the reissue process was requested and completed on 20.02.2018, the certificate will only be valid until 25.05.2020.

This limitation must be considered when ordering 3-year certificates.

The shortened validity period brings about several advantages

Reducing the validity period to two years is not only a restrictive measure – it makes sense and brings the user several advantages:

The necessary verification for OV and EV certificates which is conducted by DigiCert, remains valid for two years. In case of a timely renewal, you can skip another verification process – DigiCert will use the existing and already verified information.

Three years is a long time in the ever changing world of websites. Web projects are changed often or even taken offline. You will not face the problem of having invested in a three year certificate, for which the domain name of owner needs to be changes. One or two year certificates are more practical, also in this regard.

Don't worry about the more frequent renew. If you activate the autorenew feature, there is no need for you to remember the expiration date of your certificate. In combination with the automatic payment and the validity of the verification, the whole process will save you from forgetting to obtain your certificate in time.

News archive