3-year SSL Certificates lifetime to be reduced and here is the guide for you
Recently CAB forum reduced the maximum duration of the SSL certificates from 3 years to 2 years+ (27 months) keeping in mind the inherent security and logistics issues.
Let us consider the new scenario for each type of certificates, as practices/equipment require to replace certificates are infrequently as possible, so you want to use 3-year certificates as long as possible, considering, CAs have chosen to stop issuing products prior to the industry-mandated deadlines. This may mean that some CAs may chose to discontinue issuing 3-year SSL certificates before/by March 2018,if you have an existing 3-year certificate, you will need to revalidate, if you reissue in the last year of its lifetime.
Since, March 1st, 2018 all new SSL certificates will be restricted to a maximum of 825 days (2 years + 3 months renewal buffer). which affects DV (Domain Validation) and OV (Organization Validation) certificates.
Given that this will impact how certificates are deployed and managed, we wanted to put together a quick summary of how this will impact those who use 3-year SSL certificates.
If You have an existing OV certificate:
If you have an existing 3-year SSL certificate then it will continue for 3 years. However,the new mandate will apply from the reissuance of the existing validity period.
Since the change took effect very quickly and has caused a large amount of existing validation information to suddenly expire, which affects both new and existing certificates.
Validation is the process of proving the existence of your legally registered company. When your existing validation information expires, you will be required to re-do this process which will then be valid for the next 825 days
The impact of the same can be gauged by when was the validation effected, which date may not be apparent to you, because it is not necessarily the same as the start date of your certificate. This could effect a 1 or 2-year OV certificate as well,from a technical perspective, reissuing a certificate is the same as issuing a new certificate. This means that after March 2018, ALL newly issued certificates (including reissues) must have a maximum validity of 825 days
If you have a DV certificate
Starting March 2018, DV certificates will now be limited to 825 days. earlier you could continue to get a 3-year certificate and when you re-issue a DV certificate it is already common practice to re-validate domain ownership. This simple practice, which can be performed in a few minutes by setting up a DNS record, uploading a file to your server via FTP, or confirming an email.
If You have an EV certificate
EV certificates are not affected by either of these changes. since they meet the highest standards for identity, EV certificates are already limited to have a maximum of 27 months and validity information can only be reused for a maximum of 13 months
This is as per the latest information received from CAB forum. Subscribe to our blog for latest information and updates.
The 2023 Guide to SSL Certificate for website