You Won’t Be Able to Purchase 3-Year SSL Certificates From March 1, 2018
Beginning March 1, 2018, Maximum Lifespan of SSL certificate to Be Reduced From Three to Two Years
From March 1, 2018, the maximum lifecycle of SSL certificates will be reduced from three years to two years. The decision was taken by the CA/Browser forum last year when the majority of the CAs and browsers voted for discontinuation of 3-year SSL certificates. CA/Brower forum is a voluntary body comprising of CAs and browsers. Note that this is an industry-wide change and it’s going to affect all types of certificates offered by all certificate authorities.
Until now, this barrier of 2-year lifecycle was only applicable to EV SSL certs, but from 1st of March, all the products will have a maximum lifespan of two years.
No website admin will be thrilled to hear this, right? After all, who wants to go through purchase, validate and install SSL Certificate every two years? But it’s for your own good. As far as the practicality of this reduced lifecycle is concerned, the benefits easily outweigh the disadvantages.
Why This is a Good Thing?
If you remember, there was a time when 10-year SSL certificates were a real thing. But that time is long gone now. We’re about to see this period cut down to two years. Many won’t like this, but this is certainly a good and a timely move from a security standpoint. SSL/TLS protocols use specific algorithms of certain key-lengths for encryption and decryption of data. As the time goes, flaws are found in these algorithms and therefore, they are considered “broken.” Such algorithms would be of no use, and the websites will need to migrate to a secure algorithm. This happened recently when SHA-1 was broken, and websites had to migrate to SHA-2. This caused chaos among the certificate owners as well as certificate providers. To avoid such scenarios, it would help if certificates are of fewer lifespans.
Here are the scenarios in which reduced lifespan would certainly help:
- If hashing algorithm gets deprecated
- Key-length gets deprecated
- If a CA is distrusted by browsers
- If a validation method is found to be weak and it’s changed
- If keys get compromised and need replacement
Here’s the rundown of the things you need to keep in mind:
- You Won’t be Able to Purchase 3-Year SSL Certificates from March 1, 2018.
- All the pricing on our page has been optimized with respect to two-year option.
- An SSL/TLS certificate can be valid for a maximum period of 825 days (2 years + Renewal Period).