![A Look at 30 Key Cyber Crime Statistics [2023 Data Update]](https://www.thesslstore.com/blog/wp-content/uploads/2022/02/cyber-crime-statistics-feature2-75x94.jpg)
(No Ratings Yet)
Loading...Reminder: 3 Year Option for SSL Certificates ends March 1, 2018
After March 1, you’ll only be able to buy two-year certificates.
Starting on March 1, 2018, you will no longer be able to purchase 3-year SSL certificates. This change is being enforced by the Certificate Authority/Browser Forum (CAB Forum), which is more or less a regulatory body made up of CAs and Browser.
If you’ll recall, you actually used to be able to get five-year certificates. And I’ll be the first to admit, that was a bad idea. Encryption is changing so much, so quickly that if you waited five years between changing certificates you would be vulnerable by the time you renewed.
So, for the sake of user safety, the browsers have been pushing for shorter certificate validity periods. We have gone into depth on the issue of why certificates expire and why shorter certificate lengths are actually a good thing.
To refresh your memory, you have to renew certificates at regularly for two reasons:
- Keeping your security implementations up to date.
- The CAs need to validate you again so you stay trusted.
And before we get any further, no this is not some nefarious scheme by the Certificate Authorities so they can sell you more certificates. Google and the other browsers that participate in the CAB Forum would actually prefer validity periods of no more than 90 days. So it isn’t really the CAs pushing this.
But at any rate, replacing your certificate regularly is most important from the standpoint of your security. Let’s go back to the five-year certificates we mentioned earlier. Think about what ciphers we were using five years ago. Granted, you’d likely have had to re-issue by now on account of SHA-1, but that underscores my point. SHA-1! SHA-1 is so vulnerable that Google actually manufactured a collision to demonstrate how outmoded it had become.
Every day encryption technology evolves and the idea that you could still maintain adequate levels of security five, or even three years after issuance just isn’t plausible.
The other reason for issuance is the CAs have to re-validate you. This ensures that your information is up to date and that you’re still authorized to have certificates issued for your domain. Remember, the browsers are indicating to their users that they can trust a connection with your site on the basis that you’ve been vetted by a trusted third party. Just like with your driver’s license, you occasionally have to check in with that third party just to ensure that everything is up to date.
So, starting March 1, two years is the maximum lifespan that you can get with any SSL certificate. This change doesn’t affect EV certificates, as two years (825 days) was already the longest allowable validity period, owing to the level of trust (the unique green bar indicator) that EV SSL receives.
So here’s how this works:
- If your SSL certificate was issued before March 1, 2018, it’s still good for however long you have left.
- All SSL Certificates issued after March 1, 2018, may only have a maximum lifespan of 825 days.
- DCV and organization validation information for DV and OV certificates can only be used for 825 days.
That’s right, after 825 days the CA has to validate you again. And this is retroactive, too, so however old your current certificate is, it counts against the 825 days. I’ll level with you, this is likely going to increase the time involved in the validation process as CAs are going to be forced to re-validate more often.
I’ll also point out that if you purchase a three-year certificate before the deadline, you better hope you never have to re-issue it. Or else you’re going to run into headaches.
Here’s some reasons you might have to re-issue:
- Adding a domain to a certificate
- Removing a domain from a certificate
- Swapping out a domain on a certificate
- Changing organization information (name, address, phone number, etc.)
- Duplicating a certificate
So if you’re planning on doing any of those over the next three years, just spring for the two-year certificate and try to renew it early.
Finally, there is also chatter in the CAB Forum about eliminating certain Domain Control Validation methods such as Whois lookups.
As always, we’ll keep you posted as the industry undergoes more changes.
5 Ways to Determine if a Website is Fake, Fraudulent, or a Scam – 2018
in Hashing Out Cyber SecurityHow to Fix ‘ERR_SSL_PROTOCOL_ERROR’ on Google Chrome
in Everything EncryptionRe-Hashed: How to Fix SSL Connection Errors on Android Phones
in Everything EncryptionCloud Security: 5 Serious Emerging Cloud Computing Threats to Avoid
in ssl certificatesThis is what happens when your SSL certificate expires
in Everything EncryptionRe-Hashed: Troubleshoot Firefox’s “Performing TLS Handshake” Message
in Hashing Out Cyber SecurityReport it Right: AMCA got hacked – Not Quest and LabCorp
in Hashing Out Cyber SecurityRe-Hashed: How to clear HSTS settings in Chrome and Firefox
in Everything EncryptionRe-Hashed: The Difference Between SHA-1, SHA-2 and SHA-256 Hash Algorithms
in Everything EncryptionThe Difference Between Root Certificates and Intermediate Certificates
in Everything EncryptionThe difference between Encryption, Hashing and Salting
in Everything EncryptionRe-Hashed: How To Disable Firefox Insecure Password Warnings
in Hashing Out Cyber SecurityCipher Suites: Ciphers, Algorithms and Negotiating Security Settings
in Everything EncryptionThe Ultimate Hacker Movies List for December 2020
in Hashing Out Cyber Security Monthly DigestAnatomy of a Scam: Work from home for Amazon
in Hashing Out Cyber SecurityThe Top 9 Cyber Security Threats That Will Ruin Your Day
in Hashing Out Cyber SecurityHow strong is 256-bit Encryption?
in Everything EncryptionRe-Hashed: How to Trust Manually Installed Root Certificates in iOS 10.3
in Everything EncryptionHow to View SSL Certificate Details in Chrome 56
in Industry LowdownPayPal Phishing Certificates Far More Prevalent Than Previously Thought
in Industry Lowdown