New maximum lifetime for SSL certificates: what you should know
Since 1 March 2018, the maximum validity period of SSL certificates has been reduced from 39 to a little more than 27 months. What exactly does this mean for you?
Under the pressure of various organisations (especially Google and Mozilla), the decision was taken to shorten this maximum validity period. This should help make the web more secure and develop sounder management in the sector.
Why do you need an SSL certificate?
An increasing number of websites are using the HTTPS protocol instead of the traditional HTTP protocol. This makes it possible to secure the communication with the user’s browser, and provides guarantees as to the identity of the owner of the domain name. In order to be able to provide the HTTPS protocol, you need an SSL certificate.
When purchasing such a certificate, you can go for DV or Domain Validation (guaranteeing that the domain belongs to the person/organisation whose address is available in the WHOIS record of the domain), OV or Organization validation (simple verification of the reputation of the company to which the domain name belongs) or EV or Extended Validation (extended validation of the company).
What is going to change with SSL certificates?
Until recently, the maximum validity period of an OV and DV certificate was 39 months (36 months validity + 3 months for the request/renewal process). Under the pressure of various organisations (especially Google and Mozilla), the decision was taken to shorten this maximum validity period. This should help make the web more secure and develop sounder management in the sector:
- The earlier expiry dates make it possible to implement new strategies and encryption technologies faster
- The risk of abuse is reduced
- Organisations will be able to adopt a proactive attitude for the certificate management and will update and maintain their configurations on a more regular basis.
After rejecting a first proposal to set a maximum lifetime of 12 months in February 2018, the Certificate Authority and Browser Forum found a compromise early this year: as of 1 March 2018, a maximum lifetime of 825 days will apply for all DV and OV certificates. That is a little more than 27 months (24 months + a 3-month renewal buffer). For EV certificates, nothing will change, as their maximum lifetime was already 24 months.
Furthermore, the information on which the certificate is based must be verified maximum 825 days before the beginning of the certificate’s validity period. All Certificate Authorities (the organisations that issue the certificates) will adopt this measure.
As of 1 March 2018, a maximum lifetime of 825 days will apply for all DV and OV certificates. That is a little more than 27 months (24 months + a 3-month renewal buffer).
How will this measure affect you?
For existing certificates: If you purchased a certificate from us before 1 March 2018 with a validity period of 36 months, Combell will automatically reissue the certificate after the expiry date for the maximum validity period of 24 months. You do not have to do anything.
For new certificates: from now on, you can only purchase DV, OV or EV certificates with a maximum lifetime of 24 months (825 days).
Who is this message intended for?
- All Combell customers who purchased their SSL certificate from Combell.
- All Combell resellers who purchased an SSL certificate from Combell for their customers. Be careful: you should mention this new maximum validity period in your conditions of sale!
And remember, an SSL certificate is indispensable to establish a secure HTTPS connection to your website. Do you not have an SSL certificate yet? Do not lose your users’ trust! Implementing an SSL certificate is not a particularly difficult task. Read more about the various types of SSL certificates. Our support pages will show you how you can install SSL certificates.