As of September 1st, 2-year certificates have been replaced by multi-year SSL Certificate plans. The only certificates that will be trusted by major browsers will be those with a validity period of 397 days or less. Why 397 days? That’s one year plus a one-month grace period for renewal.
Users will have to do a little bit extra on their end as the switchover is being made, but the trade-off is a higher level of security over the long-term.
Why Has This Happened?
Shorter Validity = Higher Security
The goal of this change is to improve security for the Internet users (organizations and consumers); the shorter the validity period of a certificate, the more secure it is.
Among advantages that come with shorter-term certificates, the following four are key and worth highlighting them:
- A shorter lifespan for keys, which means a shorter lifespan for compromised keys, as well. With shorter certificates, you have a smaller window of exposure if a key is stolen.
- Certificate security updates are rolled out into the wild at a much quicker pace.
- Organizational information is updated on a yearly basis, including company names, addresses, and domains, which translates to increased user trust.
- Automation is encouraged. With a good certificate management system in place, there is no difference in convenience between shorter and longer lifetimes. They are automatically re-issued when needed, regardless of the validity period.
How Does This Affect My Website?
This change affects only the public TLS certificates. Root Certificates as well as Code Signing Certificates (CSC), S/MIME, Document Signing Certificates (DSC), etc) are not impacted.
The main thing for Webmasters to consider regarding this change is that they will have to “worry” only about more frequent certificate expiration dates. Subsequently, webmasters and IT companies that handle SSL certificates for their end-clients must put in place proper certificate management procedures.
What Happens With Certificates Issued before 1st of September 2020?
Those Certificates issued before the 1st of September 2020 will remain valid as per their original validity period. The only time you’ll notice anything different is if they need to be re-issued. In that case, you won’t lose any of the validity time, but you’ll need to plan to re-issue again if your initial validity period is still greater than 397 days.
How Come NetShop ISP Still Offers 2-Year SSL Subscriptions?
As the SSL Certificates are under the SPP (Self-provisioned Products) umbrella, we do have the appropriate certificate management procedures to allow 2-Year Subscriptions on all the SSL Certificates. This is fully inline with the CAs; we are offering the 2-Year Subscription so you can do Costs Savings, whilst we are taking care for your SSL Certificate’s Renewal Notification on the 1-Year Due Date.
Contact our SSL Specialists for additional consulting or to sort out any questions you may have related to the SSL Validity Period Change. All our SSL Certificates with a Discounted 2-Year Subscription length can be directly purchased via https://my.netshop-isp.com.cy/cart/ssl-certificates/