A major announcement on the validity of SSL Certificates was made at the CA / Browser Forum (CA / B Forum) face-to – face meeting in Bratislava, Slovakia on February 19. CA / B Platform is the industry standards community containing the Certificate Authority ( CA) and most of the main browsers.
The announcement announced that Apple’s Safari browser would trust an SSL / TLS Certificate with a validity of no more than 398 days (which is equal to a one-year certificate plus a renewal grace period) starting from 1 September 2020.
There is no formal posting about the announcement from Apple. But some of the leading Authority for Certificates (CA) like DigiCert, Sectigo posted this news on their blog and social media.
This news isn’t really shocking after Google implemented CA / B Forum Ballot SC22 back in August 2019 to limit the validity period of the SSL Certificate to one year. But in the Forum the vote failed, which meant the overall lifetime of the certificate remained at two years.
So why did Apple go for a shorter validity of the SSL Certificate and what does a website owner or reseller bear in mind?
Feel free to jump to any section you want:
Why did Apple choose to enforce shorter validity of SSL Certificates?
Apple’s spokeswoman said they agreed to have a shorter lifetime certificate implemented to secure customers. Apple obviously wants to prevent an environment that can’t respond quickly to major threats related to certificates.
Shorter validity of the certificate increases protection as it decreases the exposure duration in case any SSL / TLS has been compromised. It also helps to correct normal organisational turnover within the organisations by ensuring regular identity changes, such as business names , addresses, and active domains. Short certificate validity also ensures frequent generation of a new key, which will help to make websites more stable.
These improvements must be enforced by the users of the certificate, in order to enhance website protection with shorter certificate validity.
What does that mean for the operators of websites?
This move will not impact any SSL / TLS certificate issued before 1 September 2020. They will be valid for the entire time for which they were issued, i.e. 1 or 2 years (subject to any arbitrary revocation of SSL Certificates) and will not make any changes or replacements.
But in the event of any SSL / TLS Certificate issued on or after September 1 , 2020, it will have to be updated annually in order to remain trusted by the Safari browser of Apple.
This means you will need to streamline the current certificate management activities and strengthen them. Whereas you need to use a secure certificate management system for large organisations.
What does this mean for a Re-seller Certificate?
Re-seller will give their customer a two year SSL certificate until August 31 , 2020. After re-selling on 1st Sept 2020, a one-year SSL needs to be released to ensure it remains valid in the Safari browser. If any two-year SSL certificate is issued the re-seller must ensure it is re-issued after a year.
Why Should You Buy SSL Certificate 2 Years Now?
Having addressed the Apple stand of increasing the protection of the SSL certificate by reducing the validity of the certificate. Other advantages include purchasing SSL cert for 2 years.
1. You get further discount for 2 years contract
2. Less pain of SSL certificate renewal
3. No technics for straight 2 years SSL implementation.
4. 2 years of completely free technical support.
5. No price fluctuation before your contract becomes valid.
6. & much more …..
Time to say bye-bye to validity of the two year certificate. Gradually, other browsers can also begin work to diminish the validity of the certificate.
Still concerned about the shorter validity of the cert and how do you streamline your business processes? Message us …
Bottom line:
The news to shorten the validity of the SSL certificate wasn’t a shocker because in the near future it was excepted to come. Three years of certificate validity had already reduced to two years earlier and now we might be heading for a year.
Website owners and a re-seller needn’t think about this. There will not be a lengthy or boring process to follow, it will be as simple as a phase of a certain renewal. With https.in being your provider of SSL certificates you’ll have the ability to update SSL certificates with only a few clicks.
Time to say bye-bye to validity of the two year certificate. Gradually, other browsers can also begin work to diminish the validity of the certificate.
Still concerned about the shorter validity of the cert and how do you streamline your business processes? Message us …