Shorter SSL certificates validity and its impact on business domains

By September 21, 2020Domains

SSL/TLS certificates issued for longer than one year will no longer be supported by the biggest browsers starting September 1st, 2020, following Apple’s announcement earlier this year. In order to protect the users more efficiently, the certificates will have to be renewed on an annual basis to avoid the risk of your website disappearing from the popular browsers.

In February 2020 Apple declared that their home browser Safari will not approve and recognize SSL certificates with a validity period longer than 398 days (one year plus renewal grace period). The decision was announced at the CA/Browser Forum in Bratislava, six months after the same idea proposed by Google was rejected at CA/B Forum Ballot SC22. Shortening the certificate validity period was then met with hundreds of negative comments from users, who anticipated additional work and time devoted to certificates management. Where Google failed, Apple went further and took the initiative. From September 1st, 2020, the Safari browser will only display:

  • websites with SSL/TLS certificates obtained after September 1st, 2020 with one-year validity period,
  • websites with SSL/TLS certificates valid under the old rules.

The new limitation will have no influence on intermediates and roots or other types of SSL/TLS certificates. In what is called a chain of trust, a root certificate is used to identify certificate authorities, who subsequently issue intermediate and end-entity certificates. Certificate Authorities therefore should have no reasons to worry about their identification in the public key infrastructure.

The decision should not be shocking to anyone, as the industry has been preparing for this move over the past several years. Shorter lifespan of a certificate has been justified by the higher security it provides, especially by ensuring that new encryption keys are generated regularly. Following Apple’s move, Google has announced that the same limitations on public SSL/TLS certificates will come into force on September 1st, 2020. Considering the fact that Google Chrome and Safari are the two most popular browsers, with 63,7% and 13,6% users respectively, it is only to be expected that other browsers will soon follow suit. Another major browser, Mozilla Firefox (4.09% users) has already informed the public of their adoption of the new standard.

What does that mean for your brand website?

Essentially, shorter certificate validity means that domain name owners will be forced to spend more time and effort in keeping their certificates up to date. If the renewal deadline is missed, the browsers will not display a website due to a failure in HTTPS connection and subsequently an error message will occur. On the other hand, one-year certificates have multiple advantages:

  • they ensure more frequent creation of keys, which significantly raises the protection of your brand online;
  • in case a certificate is compromised, a shorter expiration date minimizes the exposure time;
  • yearly updates, as opposed to biannual, facilitate the exchange of information between businesses, such as company names, addresses, active domains etc.

The switch from manual to automated certificates management thus becomes inevitable. Controlling large domain portfolios might prove time-consuming. Even though there are free basic SSL certificates available across the Internet, they do not offer support and warranty. EBRAND is there to provide solutions that will keep your business websites under control and help save time by centralizing all your SSL certificates and domain names. We strongly recommend trusting a more comprehensive tool to secure data exchange between your website and your users.

With EBRAND, you have all your SSL certificates in one place for easy management using one single interface to control all your technical modifications. We work with globally renowned WebTrust accredited Certificate Authorities known for maintaining high encryption standards.
If you need assistance with selecting the right SSL certificate for your needs, or just have general questions about SSL, let us know. We are happy to assist!

Lutz Berneke

Author Lutz Berneke

More posts by Lutz Berneke