Maximum validity period SSL certificates becomes 2 years

19 January 2018

The guidelines for issuing SSL certificates will be tightened from March 1. From this date onwards, the CA / Browser forum allows a maximum validity period of 825 days (approximately 27 months) for all SSL certificates. Applying for certificates with a longer duration is no longer possible from that time.

What does this mean for new applications?

This change applies to SSL certificates issued by all Certificate Authorities, and for all versions and validation levels. The Certificate Authorities apply different deadlines to limit the validity period. Certificates can no longer be requested with a validity of 3 years from:

  • February 20, 2018 for Symantec, GeoTrust and Thawte certificates
  • February 26, 2018 for GlobalSign certificates
  • March 1, 2018 for Comodo certificates

We adhere to the deadlines listed above for requests via the Xolphin API. For all applications via the Xolphin Control Panel, applications for certificates from all brands with a validity of 3 years will no longer be possible as of February 20

How does this affect current certificates?

  • Certificates with a longer term remain valid, even after March 1, 2018. As soon as you re-issue certificates after this date, the remaining term will be limited to a maximum of 825 days. Any lost term can be compensated at a later stage with a free replacement certificate.
  • Furthermore, the retention period for reusing validation data for Domain and Organization validation certificates will be limited from 39 months to 27 months.

Why this change?

The CA / Browser forum (Certification Authority Browser Forum) consists of most CAs and browsers, and establishes standards and guidelines that ensure the security of SSL certificates. They argue that using certificates that are valid for a long term increases the risk of abuse and outdated techniques. In February 2015, the term was limited to a maximum of 39 months.

In case of any questions, please contact us.

SSLCheck

Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues