Until now, buying a TLS / SSL certificate that lasts two years was possible and normal. However, things will change from tomorrow. Today is the last day that we will be able to do this. From September 1, 2020, all new certificates will be valid for a maximum of 397 days. This is considerably less than the 24 months that we could enjoy so far.
TLS / SSL certificates will last 13 months
As we say, from tomorrow, September 1, all TLS / SSL certificates will have a validity period of maximum 13 months . This means that beyond those 397 days we would have to renew it.
Developers of web browsers and operating systems, such as Apple, Microsoft, Firefox and Google , will no longer consider valid TLS / SSL certificates of 2 years issued as of September 1. From that date they will have a maximum validity of those 397 days that we have mentioned.
What does this mean? If a user wants to have a certificate that will serve them for the next two years they would have to hurry. You would have to acquire this certificate today, since from tomorrow all purchases will only be valid if they have that maximum limit.
Keep in mind that the starting gun was given by Apple. Later others followed him and supported the same. Browser developers have pushed to reduce the validity of TLS / SSL certificates.
Logically the reason behind this is security . The longer a certificate lasts, the greater the risk that an unauthorized user will misuse it. This can be avoided, or at least reduce the risk, if that period of validity is shorter.
Positive points of reducing the validity period
As we can see, security is a factor behind this reduction in the validity time of TLS / SSL certificates. We are going to show the highlights from the developers:
- Enables greater agility by phasing out certificates when vulnerabilities in encryption algorithms are discovered.
- Limits the exposure of a website when compromised, as the private encryption keys would be changed regularly. If a private TLS certificate is stolen, a validity of one year will limit the amount of time an attacker could use.
- Prevent hosting providers or third parties from using a certificate for a long time after a domain is no longer used or has changed providers.
On the other hand, it should be noted that the certificate issuers rejected this measure. However, Apple, unilaterally, decided to put that limit of 397 days as of September 1, 2020. That is, starting tomorrow the subject changes. Mozilla and Google joined Apple’s proposal.
Regarding how it affects users, those who already have a certificate valid for more than one year do not have to worry. It only affects those that are bought from tomorrow.