2020-08-12

Shortening the validity period of SSL certificates

SL(TLS) certificates are a necessary and reliable tool for securing traffic to websites. For years, their standard and high quality has been supervised by Certification Authorities and Internet browsers. High quality is assured through the highest standards, dynamically changing in response to new Internet technologies. One of the last changes in the certificate profile is the reduction of the validity period from two years to one year. This change in validity period was already proposed last year by browsers, but it was only in March 2020 that Apple decided to stop, starting September 1, supporting certificates issued for more than 398 days. The main argument for shortening this period was and is the protection of the encryption key, which thanks to more frequent exchange provides higher protection for websites and their recipients.

Shortening the validity period of the certificate by Apple Inc. is not surprising and fits into the context of improving the security of the modern Internet and its users. With SSL (TLS) lifetime reduction, it will be much easier for website owners to respond to security incidents, and with more frequent generation of a new key pair, the risk of key leakage or compromise will be minimized.

Apple’s decision has been approved by other browsers as well as the CA/B Forum[1].

What does shortening the validity period mean?
Any certificates issued before September 1, 2020 will continue to be valid and, regardless of their period of validity, will not require any intervention or modification on the user’s part. The change of validity period concerns only non-qualified SSL (TLS) certificates issued after September 1, 2020. All SSL Users who purchase and are issued a two-year SSL(TLS) certificate before that date will not be affected by this change. The certificate will remain trusted in your browser throughout its validity period.

Certum is ready for the proposed change and we hope that it will positively affect the quality of the modern Internet, of which each of us is part today. At the same time we would like to inform you that until Tuesday, August 25, 2020, two-year SSL certificates will be still available in the Certum’s offer.

[1] Voluntary consortium of certification authorities, vendors of Internet browser software, operating systems, and other PKI-enabled applications that promulgates industry guidelines governing the issuance and management of x