Thank you to our friends at GlobalSign for providing us with this important blog post.
Starting on September 1st, SSL/TLS certificates cannot be issued for longer than 13 months (397 days).
Why is this happening now?
Long story short, some of the industries biggest names - namely, Apple - have announced that their browsers (such as Safari) will no longer recognize SSL certificates that are longer than 1 year in length.
The biggest reason for this change has to do with identity – how long should the information used to validate an identity stay trusted? The longer between validation, the greater the risk. Google has said that in an ideal world domain validation would occur about every six hours.
What shorter SSL/TLS validity means for website owners
If you’re using a two-year certificate that was issued before September 1, your certificate will stay valid until its original expiration date. You just won’t be able to renew for two years moving forward.
Or to put it another way, you have until the first of September to get two-year certs. After that they will be relegated to the desktop recycling bin of history.
How GlobalSign and Rebel will handle one-year certificates
GlobalSign and Rebel will provide SSL/TLS customers with the maximum validity of 397 days when you order one-year certificates starting on August 31, 2020.
You will still want to renew your certificate before it expires, but since GlobalSign can no longer provide up to 90 additional days to your validity, we recommend you renew within 30 days of expiration.
What about reissuing my certificates?
You may wonder what happens when you reissue one of your two-year certificates after this change goes into effect. Well, we have good news for you! If you reissue a certificate and lose validity, you can reissue the certificate later – ideally less than 397 days prior to your original cert expire – and recover the lost validity from your first reissue! This works the same way it did in 2018 when we went from three-year max validity down to two years.
Got questions or need help with your certificates? Contact our 24/7 Customer Support team.