Maximum Validity of SSL Certificates Reduced to 3 Years

As of March 9th Symantec will only sell a maximum of 3-year OV (Organization Validated) and DV (Domain Validated) SSL Certificates. Maximum Validity of SSL Certificates Reduced to 3 Years. This restriction applies to new certificate issuance as well as renewals. Effective April 1, 2015, the CA/B Forum is reducing the maximum validity of OV and DV SSL certificates to 39 months in order to increase SSL/TLS security. Under these guidelines, no CA’s or their partners should offer greater than 3-year validity term OV/DV SSL certificates effective April 1, 2015.

This restriction applies to new certificates and any re-issues. If you need to re-issue your SSL certificate after 1 April 2015 the re-issued certificate will have a maximum validity of 39 months. Acmetek will stop selling 4 year SSL certificates on 9th March 2015.

FAQ

If the maximum validity is 3 years why is the restriction 39 months?

No we haven’t got the math wrong. When renewing a certificate you can receive up to a maximum of 3 months additional validity added to your certificate depending on the remaining time on your current certificate. If you renew early enough you will get a certificate valid for 39 months.

Can I still purchase 4 year SSL Certificates?

You can purchase 4 year certificates up to 31 March 2015. After this date the maximum duration will be 3 years. Please also refer to the next question.

Can I re-issue a 4 year SSL certificate?

All certificates come with unlimited re-issues. However if you re-issue your certificate after 1 April 2015 and it has more than 39 months remaining then the validity will be truncated to 39 months. If you have 4 year certificates ensure you back-up the keys to prevent the need to re-issue and losing any validity period over 39 months.

Can I re-issue a certificate that is older than 39 months?

The CAB Forum has also stated that the 39 month restriction applies to vetted data. This means if you order a 4 year certificate you will only be able to re-issue it during the first 39 months (and with a validity period of no more than 39 months).

What is the maximum validity period for EV certificates?

This remains at 27 months. 24 months plus up to 3 months extra for early renewals.

Where can I find out more information about the CAB Forum Guidelines?

For the current CA/Browser Baseline Requirements v1.2.3 (16 October 2014). Specifically see Section 9.4 for validity period changes.
For all SSL Support/Inquiries, please contact us @: websitesecurity@acmetek.com

Recent Posts

S/MIME for Outlook O365 Windows

Add to Favorites S/MIME Advantages of S/MIME Certificates S/MIME (Secure/Multipurpose Internet Mail Extensions) certificates offer several advantages when it comes to securing email communications. Here

Read More »

Abbreviations

Add to Favorites There are literally thousands of IT abbreviations out there. Many are concerned with the technical aspects of the computer, while others deal

Read More »

SSL Installation on Qmail

Add to Favorites SSL Installation on Qmail Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts.

Read More »