As of March 9th Symantec will only sell a maximum of 3-year OV (Organization Validated) and DV (Domain Validated) SSL Certificates. Maximum Validity of SSL Certificates Reduced to 3 Years. This restriction applies to new certificate issuance as well as renewals. Effective April 1, 2015, the CA/B Forum is reducing the maximum validity of OV and DV SSL certificates to 39 months in order to increase SSL/TLS security. Under these guidelines, no CA’s or their partners should offer greater than 3-year validity term OV/DV SSL certificates effective April 1, 2015.
This restriction applies to new certificates and any re-issues. If you need to re-issue your SSL certificate after 1 April 2015 the re-issued certificate will have a maximum validity of 39 months. Acmetek will stop selling 4 year SSL certificates on 9th March 2015.
FAQ
If the maximum validity is 3 years why is the restriction 39 months?
No we haven’t got the math wrong. When renewing a certificate you can receive up to a maximum of 3 months additional validity added to your certificate depending on the remaining time on your current certificate. If you renew early enough you will get a certificate valid for 39 months.
Can I still purchase 4 year SSL Certificates?
You can purchase 4 year certificates up to 31 March 2015. After this date the maximum duration will be 3 years. Please also refer to the next question.
Can I re-issue a 4 year SSL certificate?
All certificates come with unlimited re-issues. However if you re-issue your certificate after 1 April 2015 and it has more than 39 months remaining then the validity will be truncated to 39 months. If you have 4 year certificates ensure you back-up the keys to prevent the need to re-issue and losing any validity period over 39 months.
Can I re-issue a certificate that is older than 39 months?
The CAB Forum has also stated that the 39 month restriction applies to vetted data. This means if you order a 4 year certificate you will only be able to re-issue it during the first 39 months (and with a validity period of no more than 39 months).
What is the maximum validity period for EV certificates?
This remains at 27 months. 24 months plus up to 3 months extra for early renewals.
Where can I find out more information about the CAB Forum Guidelines?
For the current CA/Browser Baseline Requirements v1.2.3 (16 October 2014). Specifically see Section 9.4 for validity period changes.
For all SSL Support/Inquiries, please contact us @: websitesecurity@acmetek.com