The cumulative length of SSL certificates has recently been shortened by the CAB forum from 3 years to 2 years+ (27 months), taking into account the inherent security and logistics problems.
Let us understand the current scenario for each form of certificate, as certificate replacement procedures / equipment are rarely needed, so you want to use 3-year certificates as long as possible, given that CAs have opted to avoid issuing goods prior to the deadlines mandated by the industry. This may mean that certain CAs will opt to avoid issuing 3-year SSL certificates before / by March 2018, if you have a current 3-year certificate, if you are reissuing in the last year of its lifespan, you may need to revalidate.
All new SSL certificates will be limited to a period of 825 days (2 years + 3 months of extension buffer) as of 1 March 2018. That affects certificates of DV (Domain Validation) and OV (Organization Validation).
Reduced Validity of SSL Certificate
We decided to bring together a brief overview of how this would effect those that use 3-year SSL certificates, provided that this will effect how certificates are distributed and handled.
If You have an existing OV certificate:
It will last for 3 years if you have a current 3-year SSL licence. However, following the re-issuance of the latest validity period , the new mandate will apply.
Since the move took place very rapidly and prompted a vast volume of existing validation information to expire unexpectedly, both new and existing certificates have been affected.
Validation is the method of confirming the lawfully licenced company’s life. You will be forced to re-do this procedure when the original validity details expires, and will then be valid for the next 825 days.
The consequence of the same may be determined from when the validation was carried out, which date might not be obvious to you, since it is not exactly the same as the certificate’s start date. From a technical point of view, reissuing a certificate may even result in a 1 or 2-year OV certificate being the same as issuing a new certificate. This suggests that ALL recently released certificates (including reissues) would have a cumulative validity of 825 days after March 2018.
If you have a DV certificate
DV certificates will only be limited to 825 days starting March 2018. You could continue to receive a 3-year certificate sooner, as it is now standard practise to re-validate domain rights as you re-issue a DV certificate. This basic practise can be accomplished in a few minutes by setting up a DNS record, uploading a file via FTP or verifying an email to your server.
If You have an EV certificate
Neither of these modifications concerns EV credentials. EV certificates are already limited to a lifetime of 27 months as they follow the highest identification requirements and authenticity details can only be repeated for a lifetime of 13 months.