The clock is ticking: SSL certificates will soon only be valid for one year
As early as March, Apple announced at the CA/Browser Forum in Bratislava that it would only issue SSL certificates for its in-house browser Safari for one year (more precisely: 397 days). Under this pressure, the other major browser manufacturers Microsoft, Mozilla and Google finally followed suit. But what does this change mean for our centron customers and website operators? Read all about the background to this change below.
First things first: what do you need to do?
The answer to this question is: nothing, or at least not much. All certificates that you are currently using or that you acquire by August 30, 2020 remain valid and keep their full remaining lifespan. All SSL certificates issued after September 1, 2020 will be valid for a maximum of one year and must be renewed accordingly. It is enough for you to keep this in mind.
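A check for the rule described above, as an added example that is not part of the original article: it classifies certificates, in the dictionary form returned by Python's `ssl.getpeercert()`, as issued before the cutoff, within the 397-day limit, or over it, and flags upcoming renewals. The 30-day renewal window, the function names and the sample dates are assumptions made for illustration.

```python
import socket
import ssl
from datetime import datetime, timezone

# Values from the article: at most 397 days for certificates issued from
# September 1, 2020 (taken here as 00:00 UTC, an assumption).
MAX_VALIDITY_DAYS = 397
CUTOFF = datetime(2020, 9, 1, tzinfo=timezone.utc)

def _parse(cert_time):
    """Parse the 'Sep  1 00:00:00 2020 GMT' format used by getpeercert()."""
    return datetime.fromtimestamp(ssl.cert_time_to_seconds(cert_time), tz=timezone.utc)

def classify(cert, now, renew_within_days=30):
    """Classify a getpeercert()-style dict against the one-year rule."""
    not_before, not_after = _parse(cert["notBefore"]), _parse(cert["notAfter"])
    validity_days = (not_after - not_before).total_seconds() / 86400
    days_left = (not_after - now).days
    if not_before < CUTOFF:
        policy = "grandfathered"   # issued earlier: keeps its full lifespan
    elif validity_days <= MAX_VALIDITY_DAYS:
        policy = "compliant"
    else:
        policy = "exceeds-limit"   # too long-lived for a post-cutoff certificate
    if days_left < 0:
        status = "expired"
    elif days_left <= renew_within_days:
        status = "renew-soon"
    else:
        status = "ok"
    return {"policy": policy, "validity_days": validity_days,
            "days_left": days_left, "status": status}

def fetch_cert(host, port=443, timeout=5):
    """Fetch the validated leaf certificate of a live server as a dict."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample inventory (dates invented for this example).
SAMPLES = {
    "old-two-year": {"notBefore": "Mar 10 00:00:00 2020 GMT", "notAfter": "Mar 10 00:00:00 2022 GMT"},
    "new-one-year": {"notBefore": "Sep 15 00:00:00 2020 GMT", "notAfter": "Oct 17 00:00:00 2021 GMT"},
    "new-two-year": {"notBefore": "Sep 15 00:00:00 2020 GMT", "notAfter": "Sep 15 00:00:00 2022 GMT"},
}

if __name__ == "__main__":
    now = datetime(2021, 9, 30, tzinfo=timezone.utc)  # fixed date for a repeatable run
    for name, cert in SAMPLES.items():
        print(name, classify(cert, now))
```

To audit a live endpoint, pass the result of `fetch_cert("your-host")` and `datetime.now(timezone.utc)` to `classify`.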
Background: Why only one year lifespan?
Many users complain that certificates have an expiry date at all. After all, a certificate is a digital good and not a cup of yoghurt. On the surface, this sounds plausible. But if we look under the hood, the step taken by Apple, Google and Co. makes perfect sense. In essence, there are two main points that we would like to explain to you in more detail.
Reason One: Identity on the Internet
SSL certificates are primarily used to authenticate trusted websites on the Internet. Behind every certificate there is essential information about the owner, comparable to an identity card or driver’s license. In practice, the certification authority vouches for your identity on the Internet. This is the only way browsers can trust your website at all. Therefore, the certification authority must regularly check your identity and ensure that all details are up to date. Things become particularly problematic if the domain owner changes but the certificate continues to run, or if certificate data is stolen. There are blacklists and the Online Certificate Status Protocol for such scenarios. However, the browser manufacturers have now switched this off by default and use an internal manual procedure that only covers particularly serious cases. Under the current regulation, this means in concrete terms: in an emergency, third parties can use your identity on the Internet for up to two years (previously up to five years!), that is, until the certificate expires. With the new one-year certificates, the damage is limited to a maximum of 397 days.
Reason Two: Ecosystem Security
If you buy a smartphone, after years of use it will eventually become obsolete and you will need a new one. The same applies to SSL certificates, only at the security level. If you used the same certificate forever, you would only have the security features implemented at the time of purchase. In practice, this means that your websites and services would be easy victims of cyber attacks due to outdated encryption protocols such as SSL 2.0, 3.0 or TLS 1.0. On the one hand, this affects you and your organization; on the other hand, security gaps in the certificate landscape weaken the entire ecosystem. A chain is only ever as strong as its weakest link. A shorter service life ensures that certificates are renewed more often and are therefore equipped with the latest security technology at shorter intervals.
More security on the web
As you can see, there are many reasons why a certificate should have a maximum lifespan of one year. This may seem annoying to you as a user, since you often have to renew your SSL certificates and discounts for longer terms are no longer possible. Ultimately, however, the browser manufacturers’ move serves the purpose of making the Internet a safer place for everyone.
