With Subscription SSL you can profit from the benefits of an SSL certificate with a longer validity period, despite the industry-wide limitation of the maximum validity term. You pay once in advance, so the price per year is lower. Once per year you renew the certificate by submitting a new CSR, after which we go through the validation process again.
Why Subscription SSL?
The maximum validity of SSL certificates has been limited in recent years from 5 to 3 to 2 years, and now down to 1 year from September 1, 2020. There is a chance that the validity period will be further limited. The proponents (the web browsers and some CAs including Sectigo) strongly encourage this because of the security benefits. Although all CAs recognize this, there is a need from the market for a longer validity to limit management and administration burdens. Subscription SSL responds to this by saving time and money as organisations spend less time on certificate management and benefit from a lower yearly price.
How does Subscription SSL work?
You can order Subscription SSL for 2, 3, 4 or 5 years. This gives you a discount on the price per year. The subscription is available with all SSL certificates from Sectigo, DigiCert, GeoTrust and Thawte. Sectigo certificates are available up to 5 years, the others brands up to 6 years. The subscription does not affect the technical lifespan, and according to current guidelines, a certificate must be technically renewed every 13 months. Resellers can also order Subscription SSL via the Xolphin REST API. Not an API user yet? You can integrate the API free of charge. If you use the Xolphin REST API, as of August 18, you will receive an SSL certificate in the form of the new Subscription SSL as soon as you apply for a multi-year certificate. You don’t have to make any changes yourself.
Renew technical validity
As described earlier, a technical annual renewal is required despite the purchased subscription. We will send you a notificaton mail 30 days before the expiration date. We do not send reminder emails to API-users: we will send you a ‘ReadyForReissue’ webhook call after which you can reissue the SSL certificate. You may have to implement the "ReadyForReissue" webhook call for this.
For the renewal, a new CSR must be submitted and revalidation is required. You will then receive the reissued certificate for installation.
Depending on the certificates’ validation level, the technical renewal requires:
- a CSR;
- domain validation (DCV);
- with OV certificates, new company validation every 27 months;
- with EV certificates, new company validation and phone validation every 13 months.
What is the cancellation period for Subscription SSL?
As with regular SSL certificates, Subscription SSL has a cancellation period of 30 days. This only applies to the start of the subscription, and not annually with every technical renewal of the certificate subscription.
What are the payment terms for Subscription SSL?
You pay once when purchasing a subscription for the entire period of that subscription (1-5 years). This limits the number of payment moments, and enables us to apply the multi-year discount.
What are the costs for adding extra domains to a multi-domain certificate?
Subscription SSL is also available with multi-domain certificates, which can be extended with additional domains through a reissue during the term of the subscription. Just like with a regular SSL certificate, you only pay for the extra added domains, and the costs are calculated over the remaining term of the subscription.
Why do you set August 18 as the deadline instead of September 1?
The general deadline for the transition to 1-year certificates is September 1, 2020. A minimal delivery time applies to certificates with company validation (OV and EV), so suppliers opt for a safe margin of two weeks. Xolphin conforms to this.