Your last chance to get a 2-year SSL certificate

messi62

Starting September 1, 2020, all TLS/SSL certificates will have a validity period of 1 year. That's 13 months or 398 days if you add an extra 30 days for renewal or replacement. However, if you subscribe to SSL, you can still get a 2-year SSL certificate. We'll show you how to do that below.

The current TLS/SSL lifetime of 27 months has lasted only two years. This is one year shorter than the previous 3-year lifetime recommendation from 2015 to 2018. In the early days of web encryption, SSL certificates had a 5-year cycle. The first reduction came with the introduction of the SHA-256 hash algorithm .

As the Internet evolves and security threats continue to persist, leading certification authorities and browsers are constantly pushing for shorter SSL validity periods. The reason for this is simple – frequently updating an SSL certificate gives attackers less time to hack it. As a result, users’ sensitive data will be even better protected than it is now.

While all CAs had anticipated the latest SSL expiration date reduction, it was Apple that made it official by
unilaterally announcing
that its Safari browser would no longer mobile app development service trust SSL/TLS certificates with expiration dates greater than 398 days as of September 1. Since Safari is the second most popular browser on the web, leading CAs had no choice but to comply with Apple's decision.

Certification authorities' reaction to 1 year of SSL validity
DigiCert and Sectigo , the CAs with the largest market shares, responded positively to the new SSL lifetime.

“DigiCert agrees that shorter lifespans help improve the security of the ecosystem and has the tools to help our customers automate the certificate lifecycle process. We support certificates with short lifespans of just a few hours for customers with advanced automation capabilities,” wrote Dean Cocklin on the company’s blog .



Michael Fowler, president of partner and channel operations at Sectigo,
echoed
Cocklin's sentiments.

“ Sectigo understands the benefits and supports the reduction in certificate lifespan. We also know that the current two-year limit has already impacted our SSL certificate resellers, causing friction for users. Sectigo has anticipated these changes and has introduced solutions to help our partners .”

What does 1 year SSL validity mean for the end user?
If your existing 2-year SSL certificate is about to expire ( less than 12 months), now is your last chance to get a certificate for the next two years. Starting September 1, 2020, Digicert and all of its SSL brands (RapidSSL , GeoTrust , and Thawte ) will stop issuing 2-year public TLS certificates. Sectigo and GoGetSSL will be dropping the 2-year SSL expiration even earlier.