The maximum duration of SSL certificates soon to be reduced to 1 year

Jul 3, 2020  - written by  in Domain names

Following restrictions announced by Apple about improving security on the web, the international regulation of SSL certificates is changing. The Certificate Authorities (CA) have agreed to reduce the lifetime of an SSL certificate to 12 months maximum. This measure will take effect September 1, 2020.

Measure applicable September 1, 2020

Change is in the air for security in Safari web browser. Starting September 1, 2020, the maximum length of an SSL certificate accepted by Apple’s native web browser will be 398 days. Which is to say, HTTPS certificates that expire more than 13 months after their creation will no longer be accepted. Apple announced the change at the CA/Browser forum (CA/B) that took place February 2020 in Bratislava (Slovakia).

Safari will no longer display sites that don’t follow this new rule: an invalid certificate will cause a break in the HTTPS connection which will in turn entail an error message when trying to access the site in question.
While the decision has not yet been put into effect, Google, via Chrome, had previously signaled last year that they would follow a similar decision.

Certificate Authorities align

In keeping with this announcement and anticipating similar announcements to come, the Certificate Authorities (CA) agreed to reduce the lifetime of an SSL certificate to 12 months maximum, to take effect September 1, 2020.

Sectigo, our partner Certificate Authority, as part of this agreement, will also apply this change to certificates issued to Gandi customers.
Starting in the month of August, it will no longer be possible to purchase a certificate valid for more than one year on gandi.net.

NB: Certificates issued before September 1, 2020, even for longer than a period of 1 year, will not be impacted by this change.
However, any update you make before the end of the validity period of your certificate, a new certificate will be issued to you with a maximum duration of one year.

This is one use case that we identified with our partner Sectigo and for which we have developed solutions.

For any SSL certificate regenerations, we recommend contacting our Customer care team via https://help.gandi.net/.

What’s an SSL certificate?

An SSL (or TLS) certificate allows for the exchange of encrypted information between two parties and is used for connections via FTPS, SMTPS, POP3S, and IMAPS. The most well-known usage, however, is to secure connections to an internet site via HTTPS. The certificate guarantees that data exchanged between the user and the internet site remain confidential.

In order to obtain a valid certificate, the owner of the site needs to prove the legitimacy of the request using a CSR (Certificate Signing Request). This is an encrypted block of text that verifies that the requestor of a certificate is the owner of the domain name that would be protected by the certificate.
Generating a CSR also creates a private key, a necessary element for implementing the certificate once issued.

The decision to reduce the length an SSL certificate is valid for to one year ensures a higher degree of security on websites since the owners of the domain names will be required to verify the validity of requests to secure their websites with an SSL certificate every year.

If you have any questions, please feel free to contact our Customer care team  at https://help.gandi.net/.