SSL Certificate Lifetimes to Undergo Change

May 23, 2017 | By Comodo SSL

Growing security threats have led mainstream web browsers to mark only SSL-certified websites as ‘secure’, while labeling others as ‘non-secure’ or ‘not so secure’. The need for an SSL certificate is therefore greater than ever if your website is to be perceived as reputable. Since SSL certificates have gained so much significance, and their benefits are widely appreciated, it is worth noting the latest changes to their lifetimes, as decided by CAB Forum Ballot 193.

Soon, 3-year SSL certificates will become a thing of the past, now that CAB Forum Ballot 193 has passed. Under the ballot, the 3-year validity is to be reduced to 2 years, and an 825-day limit has been placed on certificate validation information. This is being done to address the security and logistics issues inherent in long-lived certificates.

The lifetime reduction for SSL certificates takes effect on March 1st, 2018, while the 825-day limit on the certificate validation period has immediate effect.

So basically,

  • Certificate Authorities (CAs) will not be issuing 3-year SSL certificates from March 1st, 2018.
  • Effective immediately, validation information needs to be completed within 825 days of the issuance/re-issuance of your SSL certificate.

These changes affect only DV and OV SSL certificates, not EV ones. EV SSL certificates are already limited by strict maximums in both respects: they have a maximum lifetime of 27 months and a 13-month limit on validation information.

Let’s take a look at how these changes will impact those who use (or plan on using) 3-year SSL certificates by taking up some scenarios.

SCENARIO 1: You Wish to Make the Most of 3-Year SSL Certificates [Because There’s No Need for You to Replace or Reissue Them]

Yes, you can, but you must obtain them on or before 1st March 2018. These SSL certificates will be fully operational until 2021. But what if a security vulnerability arises that forces you to reissue the certificate? That would be a waste of money. Of course, you can choose not to reissue the certificate and instead deal with degraded treatment from various web browsers. So it’s entirely up to you.

SCENARIO 2: You Have an Existing 3-Year Certificate Which Needs Reissuing After March 2018. Will This Affect the 825-Day Validity Period?

No. Whichever side of 1st March 2018 you are on, you’ll have an 825-day validity period. Reissuing a certificate is the same as issuing a new one, so a reissued certificate will have a maximum validity of 825 days to meet the latest requirements.
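To see how Scenarios 1 and 2 apply to certificates you already run, the following Python example (added here, not part of the original article) classifies certificates by their notBefore/notAfter dates against the 825-day limit and the March 1st, 2018 cutoff, and computes the latest expiry a reissue could carry. The hostnames and dates are constructed sample data, and capping a reissue at the original expiry date is an assumption.

```python
import ssl
from datetime import datetime, timedelta, timezone

MAX_LIFETIME = timedelta(days=825)                   # limit stated in the article
CUTOFF = datetime(2018, 3, 1, tzinfo=timezone.utc)   # lifetime reduction takes effect

# Constructed sample inventory, in the date format returned by ssl.getpeercert()
# and printed by `openssl x509 -noout -dates`.
INVENTORY = {
    "legacy.example": {"notBefore": "Feb 20 00:00:00 2018 GMT",
                       "notAfter": "Feb 19 23:59:59 2021 GMT"},
    "new.example": {"notBefore": "Mar 15 00:00:00 2018 GMT",
                    "notAfter": "Jun 17 00:00:00 2020 GMT"},
    "late.example": {"notBefore": "Apr  1 00:00:00 2018 GMT",
                     "notAfter": "Apr  1 00:00:00 2021 GMT"},
}

def parse_cert_time(text):
    """Convert an X.509 time string to an aware UTC datetime."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(text), tz=timezone.utc)

def audit(cert):
    """Return (lifetime in whole days, status) for one certificate."""
    not_before = parse_cert_time(cert["notBefore"])
    lifetime = parse_cert_time(cert["notAfter"]) - not_before
    if lifetime <= MAX_LIFETIME:
        status = "within 825 days"
    elif not_before < CUTOFF:
        status = "3-year, issued before cutoff"   # Scenario 1: stays valid
    else:
        status = "over limit, issued after cutoff"
    return lifetime.days, status

def reissue_expiry(cert, reissue_date):
    """Scenario 2: latest expiry a reissue on `reissue_date` can carry.

    Assumption: a reissue never extends past the original expiry date.
    """
    original = parse_cert_time(cert["notAfter"])
    return min(original, reissue_date + MAX_LIFETIME)

if __name__ == "__main__":
    for host, cert in INVENTORY.items():
        print(host, *audit(cert))
    reissued = reissue_expiry(INVENTORY["legacy.example"],
                              datetime(2018, 6, 1, tzinfo=timezone.utc))
    print("legacy.example reissued on 2018-06-01 expires", reissued.date())
```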

SCENARIO 3: You Have an OV Certificate Which Needs Reissuing

Whether you are affected depends on when the validation of your certificate was originally completed. This could affect your 1- or 2-year OV SSL certificates.

Validation is the process of validating (or attesting) the existence of your legally registered company. When the validation period (which has now been reduced to 825 days) expires, you should reapply for validation.

SCENARIO 4: You Have a DV Certificate

Little changes for DV certificates. Their lifetime is reduced to 825 days, and 3-year DV certificates cannot be obtained after March 2018. As usual, you should re-validate your domain ownership every time a DV certificate is re-issued, which involves setting up a DNS record, uploading a file to the server via FTP, or confirming an e-mail.

Finally, another factor to consider is the possibility that some well-reputed CAs, like Comodo and other certificate providers, will choose to restrict (or stop) 3-year SSL certificates before March 2018, that is, well before the industry-mandated deadline. This has happened before. It could happen again. So, you should be prepared for this as well.

