Blog Support
SSLTrust

3 year SSL Certificates being discontinued

At the moment you can purchase a 1,2 or 3 year term for new and renewal SSL Certificates. This will soon be changing with the CAB Forum Ballot 193.


The CAB Forum is the governing body that sets many rules and guidelines for the issuance of SSL Certificates. It is comprised of a group of leading individuals from Certificate Authorities and Browsers.

On March 1st, 2017 they released the document Ballot 193, proposed by Entrust, outlining the move to the new maximum 824-day Certificate lifetimes. This is to affect all Certificate Authorities and every type of SSL Certificate.

The reason behind the change to shorten lifetimes is due to the length of time it will take for any changes in the industry to effect long-life certificates. If any changes to regulations were to be made today, it would not be fully in effect for 3 years, the time it takes for all current certificates to completely expire. This is creating to many problems for the ecosystem.

Initially Google proposed a change to have SSL Certificates limited to a maximum of 1 year ( 13 months ) but this was strongly opposed by the industry, However, they did agree that a move was needed for shorter Certificate lifetime. This is when CAB Forum Ballot 193 was proposed.

When 3 year SSL Certificates no longer be available?

The new guidelines set forth have the deadline set to March 1st 2018. After this date no SSL can be ordered or renewed with a 3 year term.

If you order your SSL before March 1st, 2018 and have purchased a 3-year term, this will be still valid for the full term. However, if you need to do a reissue after 825-days from the issuance date, you will need to re-validate your business and domain. This is because the validation will only be valid for a maximum of 825-days.

You can save money and time purchasing a 3-year SSL before Match 1st, however if you ever need to do a reissue after 825-days you may have the headache of having to redo the validation. If you believe you will not need to do a reissue, then you will be okay until the SSL expires after the 3-year term.

This is not the first time the maximum lifetime of an SSL has been reduced. The maximum use to be 5 years for non-EV SSL Certificates, this was reduced to 3 years only a few years ago. This did help a great deal to improve online security and trust, and we believe this move will also help with this.

Over the next week we will be removing the option to purchase 3-year terms for new and renewal SSL orders. We plan to remove all 3-year options for Symantec, Geotrust, Thawte and RapidSSL before February 20th. We are then planning on removing all 3-year options for Comodo SSL orders before March 1st.

If you have any questions of concerns about current or future SSL orders please open a ticket with one of our friendly sales team members and they will be happy to assist and give guidance.

Discussions and Comments

Click here to view and join in on any discussions and comments on this article.

Written by
Paul Baka

Tags: #News

SSLTrust Blog

View our blog covering news and topics in security, certificate authorities, encryption and PKI.

Learning Center

View more resources on cyber security, encryption and the internet.