Limitation of SSL validity to 1 year is near
14 July 2020
As previously announced, the validity period of SSL certificates will be further limited to 1 year as of September 1st, 2020.
Apple was the first browser to announce that as of September 1st, 2020, it will limit the term of accepted SSL certificates to 398 days. Recently, Google and Mozilla also announced that they will no longer accept newly issued certificates with a validity period longer than 398 days from September 1.
All publicly-trusted SSL server certificates issued before September 1, 2020 with a longer validity period, will continue to be supported for the entire term.
What does this mean for me?
Do you have certificates with a validity term of 2 or 3 years that were issued before September 1, 2020? These certificates will remain valid until their expiry date.
Certificates issued on or before August 18, 2020 will still be issued with a validity period of 2 years, which will remain trusted in the browsers until they expire. For certificates with company validation (OV and EV) a certain delivery time applies, for this reason the transition date has been set to August 18.
Certificates with a longer validity period reduce management time: there is no need to renew and reinstall them each year. Besides, annual costs for certificates with a longer validity period are lower. Do you want to extend your current certificates one last time for 2 years and benefit from these advantages? You can renew your certificates from 100 days before the expiry date. The remaining validity period of the old certificate is added to the new certificate, so you do not lose any validity period. Until August 18, you can extend your certificates in the regular way for two years via the Control Panel.
Impact on reissues
During the validity period of a certificate, you can always apply for a reissue, for example the key material may have been lost, or you have migrated your hosting platform.
The validity period of certificates re-issued after August 18 will then be limited to 13 months. This does not mean that the certificate has lost its initial validity period, because if you reissue again at a later time it will be matched to the initial validity period of two years. For example, if your current certificate has 698 days remaining on September 1 and it is reissued that day, we will issue a 398 day certificate, and you will need to resubmit the CSR and get it reissued near the 398 day expiration at which time we would issue another certificate for the remaining 300 days at no cost to you. Please note that you must apply for this reissue yourself and in time.
Options for a longer validity term
The reduction of the maximum validity period has been going on for quite some time, and has both supporters as well as opponents. Advantages are less risk in the event of interim incidents or necessary updates and more certainty about the identity of the certificate holder due to the more frequent company validation. Disadvantages are more load on organizations in the field of certificate management, administration and pricing.
Despite, and probably also thanks to this discussion, there is a need for certificates with a longer validity. As mentioned above, 2-year certificates are still available until August 18, 2020, and you can choose to renew certificates that are less than 100 days before this date.
In order to meet this high demand that will continue to exist after September 1, Sectigo launched multi-year SSL subscriptions: this allows you to subscribe for up to 5 years for all types of SSL certificates and continue to benefit from attractive multi year discounts. In this model it remains necessary to technically renew the certificates after the maximum validity period of 398 days. In time, the necessary interim renewal will also be automated where possible.
We will inform you shortly about the possibilities. Do you have any questions? Read our frequently asked questions or contact us.