Sectigo: One Year Validity for SSL/TLS Certificates to Start Aug. 19

Sectigo: One Year Validity for SSL/TLS Certificates to Start Aug. 19

1 Star2 Stars3 Stars4 Stars5 Stars (17 votes, average: 4.29 out of 5)

If you want to take advantage of certificates with two year validity for a little longer, now’s the time to buy them (before they’re gone)…

Notice About the One Year Certificate Validity Change

Tuesday, Aug. 18, 2020 marks the last day that you can issue Sectigo SSL/TLS certificates with two-year validity.

In February 2020, Apple decided to shake things up within the SSL/TLS industry. They announced at the CA/Browser Forum (CA/B Forum) that their Safari browser would no longer recognize certificates that had a validity period of longer than one year (or, more accurately, 398 days) on or after Sept. 1, 2020. This move opened the door for other browsers (like Google Chrome) to follow suit and require one year certificate validity.

What this means for you is that if you want to issue a Sectigo SSL/TLS certificate with two-year validity, you’d better get a move on now. For Sectigo SSL/TLS certificates, any certificates issued on or before Aug. 18 will be grandfathered in with the two-year validity. Any certs issued on or after Aug 19, on the other hand, will be limited to a one year lifespan.

The reason for this is because we’d already started preparing for a shift to shorter certificate validity well before Apple had a chance to announce their intentions.  

We’ve Got You Covered With Multi-Year Subscription Plans

The good news is that Sectigo could see this move by the browsers coming and started rolling out new SSL/TLS “subscription” plans. These handy plans enable you to bundle multiple years of coverage — up to five, in fact — through these multi-year plans.

Screenshot of one of Sectigo's SSL/TLS certificate subscription plans in preparation of the industry's move to one year validity

It’s kind of like the concept of buying in bulk at big box stores: While you pay more in terms of the up-front purchase cost, you actually wind up paying less for each year of coverage. This saves you more money over time.

But unlike buying pickles or other frivolous items in bulk, this is something that you can actually use to keep your data — and that of your customers — secure.

Now, of course, there is one catch: With the multi-year subscription plans, you’ll still have to re-issue your certificates annually. It’s just the reality of the situation (there’s nothing we can do about it — sorry). The benefit of it, though, is that it will cost you less money to secure your domain(s) in the long run.

Why the Move to One Year Validity for SSL/TLS Certificates Is a Good Thing…

We get it — people are resistant to change. But the truth of the matter is that this move to one year validity isn’t as bad as it sounds and actually is beneficial to organizations and end users alike in several ways.

Sure, it makes it more difficult for site owners and admins who handle their certificate management manually because it means that you have to re-issue your certificates and rotate your keys more frequently. For enterprises and other organizations who use trusty certificate management tools, the switch isn’t going to be as big of a deal.

But logistics aside, there are actually a few important reasons why a shorter certificate validity period is beneficial. With one year certificate validity:

  • Your certificates contain the most up-to-date information. This means that if any of your organizational information changes, you’ll be able to update that information more quickly.
  • Shorter certificate validity means that certificate security updates roll out more quickly. If certificates are being re-issued more frequently, then the idea here is that those updates will be implemented across all websites using those certs in less time.
  • It makes websites more secure by requiring more frequent key generation. This idea here is that this gives hackers less time to try to crack the key before you swap it out for a new one.

This Is Where Certificate Management and Automation Can Really Help…

Of course, we understand that managing the certificate life cycle without the right tools makes your job a lot harder (if not impossible). It’s like trying to cook a gourmet meal with just a hair dryer, clothing iron, and a piece of metal: It doesn’t have good results and you’ll likely get burned in the process.

A reliable certificate management tool is one that:

  • Provides greater visibility into your public key infrastructure (PKI). This means that you’ll be able to track all of your digital certificates easily and efficiently. Say goodbye to shadow SSL/TLS certificates and hello to greater security!
  • Has a dashboard that places everything you need at your fingertips. Keeping everything conveniently in one location really helps to streamline the certificate management process.
  • Introduces automation to the certificate management process. Why are you spending days or even weeks of your time tracking and managing certificates? Certificate management automation frees you (or your team) up from performing repetitive, menial tasks to focus on higher-level projects that can help you to better secure your business. It’s a win-win for security and for your own sanity.

A Final Takeaway on the Shift to One Year Certificate Validity

Look, we know you’re busy and are looking for ways to simplify your job and not make it more complicated. And that’s why we’re here with this reminder post about the upcoming change to one year certificate validity. Aug 19 is right around the corner, and we don’t want you to get caught off-guard. So, either go ahead and buy your SSL/TLS certificates now (on or before Aug. 18, 2020) to continue using certificates with two-year validity, or you can choose to wait until the deadline passes (Aug. 19, 2020) and take advantage of our multi-year subscription plans. The choice is up to you.

About the author

Casey is a writer and editor with a background in journalism, marketing, PR and communications. She has written about cyber security and information technology for several industry publications, including InfoSec Insights, Hashed Out, Experfy, HackerNoon, and Cybercrime Magazine.