From March 1, 2018, the maximum validity of SSL certificates will be dropped to two years
Beginning March 1, 2018, all certificate issuing authorities will stop issuing 3-year SSL/TLS certificates. The CA/Browser forum approved this decision last year, and now it’s going to come into effect. Due to this move, the maximum period of validity will be 825 days (2 years + additional renewal time).
Until now, only Extended Validation (EV) SSL certificates were limited to the 2-year boundary. From 1st of March, DV and OV SSL certificates too will come under this umbrella.
Why is this happening?
It’s evident that the website admins are not going to like this move as they’ll have to renew SSL certificates every two years instead of three. But, as they say, ‘You have to lose something in order to gain something.’ Apart from the renewal hassle, the 2-year validity is beneficial to everyone from a security point of view. Primarily, there are two reasons behind it. They are:
- Keeping the technologies behind SSL certificates up-to-date
- To verify that the organizations/enterprise are still active
Years of research and thousands of tests go into developing secure algorithms that power SSL/TLS certificates. The cryptographers try to make them as secure as possible so that not hacker could crack it. However, as it happens, they do – eventually. Some of the protocols, algorithms that have been broken have been deprecated. That’s exactly why SSL certificates should be running on latest technologies. And if we use a five-year SSL certificate, it’s invitation to troubles. So, keeping the certificate lifecycle short is pretty important from the security point of view.
Remember SHA-1 to SHA-2 migration?
If you’ve been dealing with SSL certificates, you must remember the havoc caused at the time of SHA-1 deprecation. Our customer support team remembers it vividly (Just to be clear, they claiming that they had nothing to do with the printer being set on fire) and we’re sure they wouldn’t want to go through that mayhem once again as well. These security upgrades will keep on occurring as long as there is a threat.
This is how it will impact you
In compliance with the CA/B forum regulations, we at SSLRenewals will discontinue support for 3-year SSL certificates beginning 20th February 2018. This will be applied to all the CAs and all their products. And if you purchase a 3-year SSL certificate before the deadline and have to renew it in future, it will be renewed as a 2-year certificate.
So, if you don’t see the 3-year option, don’t worry.