As of 2018 a new requirement of the CA/B Forum will be applied: the maximum validity period of SSL-certificates will be limited to 24 months. CA/B Forum is an industry regulation body that creates and adopts rules related to the procedures of issuance and verification of SSL certificates.
The Ballot 193 proposal, originally published by Chris Bailey from the Entrust certification center, applies a new limit on the maximum period of validity of all trusted SSL certificates – 825 days. This would be a two years period with additional days provided for a renewal and replacing an expired certificate. This new amendment has been finally approved and will be applied beginning from March 1, 2018.
Amendment was approved by 24 certification authorities with 3 abstentions and 5 browser manufacturers with one abstention (Mozilla). The new requirement will be a mandatory for all types of SSL certificates and all certification authorities. The industry is currently considering to further reduce validity of SSL certificates to one year.
Currently, the maximum validity period for an SSL certificate is 3 years (in regards to SSL certificates 3 years means 39 months). Certification authorities can issue DV and OV SSL certificates for a period of three years until March 1, 2018. Since March 1, rules will change: the issuance of SSL-certificates will be possible only for 1 or 2 years.
This complies with a main guidelines of CA / B Forum: it worth noting that issuance of 4 and 5 years certificates was canceled since March 2015.
Why validity period of SSL-certificates is reducing?
SSL-certificate users are more comfortable with long-term certificates (many would be happy to purchase an SSL certificate which would be valid for a 10 years), as there is no need to spend a lot of time on reinstalling them, however SSL industry has a bit different point of view. For example:
- It would be difficult to deploy modern security features / updates in a timely manner
Any proposal or change adopted by the CA / B Forum would be implemented after the validity period of all existing certificates has passed, i.e. only after 39 months.
In the future, the industry will continue to decrease the validity period of SSL certificates. Although these changes will be implemented slowly, all users should be prepared for regular updates (about once a year) of their certificates.